CVE-2004-1488

wget <1.8.x-1.9.x - Code Injection

Title source: llm

Description

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jan Minar · perlremotelinux

https://www.exploit-db.com/exploits/24813

View Code ZIP pw:eip

References (10)

[Third Party Advisory] http://secunia.com/advisories/20960

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-771.html

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/11871

[Mailing List] http://marc.info/?l=bugtraq&m=110269474112384&w=2

[Vendor Advisory] https://usn.ubuntu.com/145-1/

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006_16_sr.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18421

[Exploit, Vendor Advisory] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1012472

Scores

EPSS 0.1330

EPSS Percentile 94.2%

Details

Status published

Products (5)

gnu/wget 1.8

gnu/wget 1.8.1

gnu/wget 1.8.2

gnu/wget 1.9

gnu/wget 1.9.1

Published Apr 27, 2005

Tracked Since Feb 18, 2026