Security News > 2016 > July > Exploit for GNU wget RCE flaw revealed (Help Net Security)

Technical details about a serious vulnerability affecting all but the latest version of the GNU wget software have been released online, along with PoC exploit scenarios. Unearthed by security researcher Dawid Golunski, the flaw (CVE-2016-4971) was reported to the software’s developer through Beyond Security’s SecuriTeam, and has been fixed in version 1.18 of the popular utility for retrieving content from web servers. The vulnerability arose due to the way wget handles redirects, and could be …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/bugJD2513zo/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-30 | CVE-2016-4971 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | 8.8 |