PT-1999-1088 · Gnu · Wget
Published
1999-01-02
·
Updated
2022-08-17
·
CVE-1999-0402
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
wget version 1.5.3
Description
The issue allows wget to follow symlinks and change permissions of the target file instead of the symlink itself.
Recommendations
For version 1.5.3, consider updating to a newer version that does not follow symlinks when changing permissions, or apply a configuration change to prevent wget from following symlinks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wget