CVE-2016-7098

Published: 26 September 2016

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Priority

CVSS 3 base score: 8.1

Status

Package	Release	Status
wget Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.17.1-1ubuntu1.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.15-1ubuntu1.14.04.3)
	Patches: Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957 Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=49af22ca94570da3fa43c98e92ec0830f786db0d

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2016-7098

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading