CVE-2016-7098
PUBLISHED
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
Risk Scores
EPSS Score: 6.68% (91.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | wget | 1.15-1ubuntu1, 0, 1.14-2ubuntu1 |
| Ubuntu:16.04:LTS | wget | 1.16.1-1ubuntu1, 1.17.1-1ubuntu1, 1.17.1-1ubuntu1.2 |
Exploit Intelligence
- http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html (nist-nvd)
- CIRCL exploited: CVE-2016-7098 (circl-sighting)
- [oss-security] 20160827 Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability (circl)
- openSUSE-SU-2017:0015 (circl)
- openSUSE-SU-2016:2284 (circl)
- 93157 (circl)
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2086-1] wget security update (circl)
- 40824 (cve.org)
- [bug-wget] 20160824 Re: Wget - acess list bypass / race condition PoC (cve.org)
- GNU Wget < 1.18 - Access List Bypass / Race Condition Vulnerabilities (0day-today)
…and 1 more exploits
Timeline
- Sep 26, 2016 CVE Published
- Nov 24, 2016 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-7098 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/08/12/2 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/08/27/2 third-party-advisory
- https://ubuntu.com/security/notices/USN-3464-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3464-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-7098 third-party-advisory