FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wget -- HTTP to FTP redirection file name confusion vulnerability

Affected packages
wget < 1.18


VuXML ID 6df56c60-3738-11e6-a671-60a44ce6887b
Discovery 2016-06-09
Entry 2016-06-21

Giuseppe Scrivano reports:

On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename.


CVE Name CVE-2016-4971