FKIE_CVE-2010-2252

Vulnerability from fkie_nvd - Published: 2010-07-06 17:17 - Updated: 2025-04-11 00:51
Summary
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
References
cve@mitre.org http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html
cve@mitre.org http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html
cve@mitre.org http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html
cve@mitre.org http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html
cve@mitre.org http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html
cve@mitre.org http://marc.info/?l=oss-security&m=127411372529485&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127412569216380&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127416905831994&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127422615924593&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127427572721591&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127432968701342&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127441275821210&w=2
cve@mitre.org http://marc.info/?l=oss-security&m=127611288927500&w=2
cve@mitre.org http://rhn.redhat.com/errata/RHSA-2014-0151.html
cve@mitre.org http://www.ocert.org/advisories/ocert-2010-001.html
cve@mitre.org http://www.securityfocus.com/bid/65722
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=591580
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=602797
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127411372529485&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127412569216380&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127416905831994&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127422615924593&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127427572721591&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127432968701342&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127441275821210&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=oss-security&m=127611288927500&w=2
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0151.html
af854a3a-2127-422b-91ae-364da2661108 http://www.ocert.org/advisories/ocert-2010-001.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/65722
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=591580
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=602797
Impacted products
Vendor Product Version
gnu wget *
gnu wget 1.5.3
gnu wget 1.6
gnu wget 1.7
gnu wget 1.7.1
gnu wget 1.8
gnu wget 1.8.1
gnu wget 1.8.2
gnu wget 1.9
gnu wget 1.9.1
gnu wget 1.10
gnu wget 1.10.1
gnu wget 1.10.2
gnu wget 1.11
gnu wget 1.11.1
gnu wget 1.11.2
gnu wget 1.11.3
gnu wget 1.11.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44513D0B-6636-4977-A3B9-F65CFA70B929",
              "versionEndIncluding": "1.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DD71F2-0B3C-4082-950A-CBFA5C601AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B3B1B6-3985-4479-93B2-14E1AB52F768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC975AA-0F98-4A3A-B3B4-2152156327D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEDFB88-C435-4FB9-838D-8199690A8F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE8FE2E-40EF-4B86-A01E-7777FBDABB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E097843-1854-4C5E-BB27-07280EB3EEB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1047974D-7A5D-4533-996B-2B09EC7E8789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40562DA-2B50-4B30-B0D8-B62913FCC680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B63798-366A-4778-987D-19307228E13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DEBAA0-B537-4EEC-8EA2-E503F26A0496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC161C5-5247-4A3C-AB56-6562B0A65D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F710A7B-ACF3-4955-97E9-07187069CDBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
    },
    {
      "lang": "es",
      "value": "GNU Wget v1.12 y anteriores usan un nombre de fichero proporcionado por el servidor en lugar de la URL original para determinar el nombre de fichero destino de una descarga, lo que permite a servidores remotos crear o sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de redirecciones 3xx en una URL con nombre de fichero .wgetrc seguido por la redirecci\u00f3n 3xx en una URL con un nombre de fichero manipulado, y probablemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escribir un fichero punto en un directorio home."
    }
  ],
  "id": "CVE-2010-2252",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-07-06T17:17:13.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127412569216380\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127416905831994\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127422615924593\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127427572721591\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127441275821210\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65722"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127412569216380\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127416905831994\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127422615924593\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127427572721591\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127441275821210\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

