CVE-2016-7098

Published: 26 September 2016

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Priority

CVSS 3 base score: 8.1

Status

Package	Release	Status
wget Launchpad, Ubuntu, Debian	artful	Released (1.19.1-3ubuntu1.1)
	precise	Released (1.13.4-2ubuntu1.5)
	trusty	Released (1.15-1ubuntu1.14.04.3)
	upstream	Needs triage
	xenial	Released (1.17.1-1ubuntu1.3)
	yakkety	Ignored (reached end-of-life)
	zesty	Released (1.18-2ubuntu1.1)
	Patches: upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957 upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=49af22ca94570da3fa43c98e92ec0830f786db0d

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›