{"api_version":"1","generated_at":"2026-04-23T15:09:26+00:00","cve":"CVE-2018-1000500","urls":{"html":"https://cve.report/CVE-2018-1000500","api":"https://cve.report/api/cve/CVE-2018-1000500.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1000500","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000500"},"summary":{"title":"CVE-2018-1000500","description":"Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-06-26 16:29:00","updated_at":"2020-09-24 20:15:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/4531-1/","name":"USN-4531-1","refsource":"UBUNTU","tags":[],"title":"USN-4531-1: BusyBox vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91","name":"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"busybox - BusyBox: The Swiss Army Knife of Embedded Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html","name":"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html","refsource":"MISC","tags":["Mailing List","Vendor Advisory"],"title":"[PATCH] wget: don't silently ignore certificate validation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1000500","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000500","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1000500","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"busybox","cpe5":"busybox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1000500","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"busybox","cpe5":"busybox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-1000500","qid":"500078","title":"Alpine Linux Security Update for busybox"},{"cve":"CVE-2018-1000500","qid":"503754","title":"Alpine Linux Security Update for busybox"},{"cve":"CVE-2018-1000500","qid":"751281","title":"SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2021:3531-1)"},{"cve":"CVE-2018-1000500","qid":"751290","title":"OpenSUSE Security Update for busybox (openSUSE-SU-2021:3531-1)"},{"cve":"CVE-2018-1000500","qid":"751304","title":"OpenSUSE Security Update for busybox (openSUSE-SU-2021:1408-1)"},{"cve":"CVE-2018-1000500","qid":"751624","title":"SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:0135-1)"},{"cve":"CVE-2018-1000500","qid":"751633","title":"OpenSUSE Security Update for busybox (openSUSE-SU-2022:0135-1)"},{"cve":"CVE-2018-1000500","qid":"752794","title":"SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:3959-1)"},{"cve":"CVE-2018-1000500","qid":"752903","title":"SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:4253-1)"},{"cve":"CVE-2018-1000500","qid":"900072","title":"CBL-Mariner Linux Security Update for busybox 1.31.1"},{"cve":"CVE-2018-1000500","qid":"903204","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (3176)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2018-06-23T11:22:32.999650","DATE_REQUESTED":"2018-05-27T16:58:52","ID":"CVE-2018-1000500","REQUESTER":"eschwartz@archlinux.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\"."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html","refsource":"MISC","url":"http://lists.busybox.net/pipermail/busybox/2018-May/086462.html"},{"refsource":"CONFIRM","name":"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91","url":"https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91"},{"refsource":"UBUNTU","name":"USN-4531-1","url":"https://usn.ubuntu.com/4531-1/"}]}},"nvd":{"publishedDate":"2018-06-26 16:29:00","lastModifiedDate":"2020-09-24 20:15:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*","versionEndExcluding":"1.32.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1000500","Ordinal":"129221","Title":"CVE-2018-1000500","CVE":"CVE-2018-1000500","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1000500","Ordinal":"1","NoteData":"Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1000500","Ordinal":"2","NoteData":"2018-06-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1000500","Ordinal":"3","NoteData":"2020-09-24","Type":"Other","Title":"Modified"}]}}}