Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1488

9 documents9 sources

Severity

5.0MEDIUM

EPSS

13.3%

top 5.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Wget

Timeline

PublishedApr 27

Latest updateApr 29

Description

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianwget< 1.9.1-11+3

▶NVDgnu/wget5 versions+4

🔴Vulnerability Details

GHSA

GHSA-xrhg-fh2g-fpxj: wget 1↗2022-04-29

▶

OSV

CVE-2004-1488: wget 1↗2005-04-27

▶

CVEList

CVE-2004-1488: wget 1↗2005-02-15

▶

💥Exploits & PoCs

Exploit-DB

GNU Wget 1.x - Multiple Vulnerabilities↗2004-12-10

▶

📋Vendor Advisories

Ubuntu

wget vulnerabilities↗2005-06-28

▶

Red Hat

security flaw↗2004-12-10

▶

Debian

CVE-2004-1488: wget - wget 1.8.x and 1.9.x does not filter or quote control characters when displaying...↗2004

▶

💬Community

Bugzilla

CVE-2004-1488 security flaw↗2018-08-16

▶