CVE-2016-4971

Published: 10 June 2016

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
wget
Launchpad, Ubuntu, Debian
Upstream
Released (1.18)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.17.1-1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.15-1ubuntu1.14.04.2)
Ubuntu 12.04 ESM (Precise Pangolin)
Released (1.13.4-2ubuntu1.4)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1