CVE-2016-7098
Summary
| CVE | CVE-2016-7098 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-09-26 14:59:00 UTC |
| Updated | 2017-09-03 01:29:00 UTC |
| Description | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Re: [Bug-wget] Wget - acess list bypass / race condition PoC | MLIST | lists.gnu.org | Mailing List |
| [Bug-wget] Wget - acess list bypass / race condition PoC | MLIST | lists.gnu.org | Exploit, Mailing List |
| [SECURITY] [DLA 2086-1] wget security update | MLIST | lists.debian.org | |
| oss-security - Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability | MLIST | www.openwall.com | Mailing List |
| GNU Wget CVE-2016-7098 Security Bypass Vulnerability | BID | www.securityfocus.com | |
| openSUSE-SU-2017:0015-1: moderate: Security update for wget | SUSE | lists.opensuse.org | |
| GNU Wget < 1.18 - Access List Bypass / Race Condition - Multiple remote Exploit | EXPLOIT-DB | www.exploit-db.com | |
| openSUSE-SU-2016:2284-1: moderate: Security update for wget | SUSE | lists.opensuse.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.