Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-7098

Published: 26 September 2016

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
wget
Launchpad, Ubuntu, Debian
artful
Released (1.19.1-3ubuntu1.1)
precise
Released (1.13.4-2ubuntu1.5)
trusty
Released (1.15-1ubuntu1.14.04.3)
upstream Needs triage

xenial
Released (1.17.1-1ubuntu1.3)
yakkety Ignored
(reached end-of-life)
zesty
Released (1.18-2ubuntu1.1)
Patches:
upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=49af22ca94570da3fa43c98e92ec0830f786db0d