CVE-2016-7098

Published: 26/09/2016 Updated: 03/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Race condition in wget 1.17 and previous versions, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Vulnerable Product

gnu wget

Vendor Advisories

Debian Bug report logs - #836503 wget: CVE-2016-7098: files rejected by access list are kept on the disk for the duration of HTTP connection. Package: src:wget; Maintainer for src:wget is Noël Köthe <noel@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Sep 2016 14:24:01 UTC; Severity: ...
Several security issues were fixed in Wget ...
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open ...

Exploits

- Discovered by: Dawid Golunski
- dawid[at]legalhackers.com
- legalhackers.com
- legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
- CVE-2016-7098
- Release date: 24.11.2016
- Revision 1.0
- Severity: Medium
...
GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / d ...