Download
| Alert*
|
oval:org.secpod.oval:def:700132
It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name , and possibly run arbitrary code. oval:org.secpod.oval:def:1000200 The host is missing a patch 125327-03 containing security fixes. oval:org.secpod.oval:def:1000319 The host is missing a patch 125326-03 containing security fixes. oval:org.secpod.oval:def:1000010 The host is missing a patch 125216-04 containing security fixes. oval:org.secpod.oval:def:1000152 The host is missing a patch 125215-04 containing security fixes. oval:org.secpod.oval:def:600124 It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios. After this update, wget will ignore server-provided file names. You can restore the old behavior in cases ... oval:org.secpod.oval:def:1500377 An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:300219 A vulnerability has been found and corrected in wget: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wget ... oval:org.secpod.oval:def:501188 The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in de ... oval:org.secpod.oval:def:203035 The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in de ... |
