ALT-PU-2015-2095-1
Closed vulnerabilities
Published: 2016-09-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-7098
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
Severity: HIGH (8.1)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [bug-wget] 20160814 Wget - acess list bypass / race condition PoC
- [bug-wget] 20160814 Wget - acess list bypass / race condition PoC
- [bug-wget] 20160824 Re: Wget - acess list bypass / race condition PoC
- [bug-wget] 20160824 Re: Wget - acess list bypass / race condition PoC
- openSUSE-SU-2016:2284
- openSUSE-SU-2016:2284
- openSUSE-SU-2017:0015
- openSUSE-SU-2017:0015
- [oss-security] 20160827 Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability
- [oss-security] 20160827 Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability
- 93157
- 93157
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2086-1] wget security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2086-1] wget security update
- 40824
- 40824