CVE-2004-1488
First published: Tue Feb 15 2005(Updated: )
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Wget | =1.8.2 | |
| GNU Wget | =1.9 | |
| GNU Wget | =1.8 | |
| GNU Wget | =1.8.1 | |
| GNU Wget | =1.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755
- http://www.securityfocus.com/bid/11871
- http://securitytracker.com/id?1012472
- http://www.redhat.com/support/errata/RHSA-2005-771.html
- http://www.novell.com/linux/security/advisories/2006_16_sr.html
- http://secunia.com/advisories/20960
- http://marc.info/?l=bugtraq&m=110269474112384&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18421
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750
- https://usn.ubuntu.com/145-1/
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/gnu
- canonical/gnu wget
- version/gnu wget/1.8.2
- version/gnu wget/1.9
- version/gnu wget/1.8
- version/gnu wget/1.8.1
- version/gnu wget/1.9.1