CVE-2016-7098 - OpenCVE

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Wget

Configuration 1 [-]

cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html	Exploit Mailing List
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html	Mailing List
http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
http://www.openwall.com/lists/oss-security/2016/08/27/2	Mailing List
http://www.securityfocus.com/bid/93157
https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html
https://www.exploit-db.com/exploits/40824/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-26T14:00:00

Updated: 2020-01-29T23:06:04

Reserved: 2016-08-26T00:00:00

Link: CVE-2016-7098

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-26T14:59:08.273

Modified: 2017-09-03T01:29:12.000

Link: CVE-2016-7098

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-29T23:06:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20160827 Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/27/2"}, {"name": "openSUSE-SU-2017:0015", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html"}, {"name": "openSUSE-SU-2016:2284", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html"}, {"name": "93157", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93157"}, {"name": "40824", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40824/"}, {"name": "[bug-wget] 20160814 Wget - acess list bypass / race condition PoC", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html"}, {"name": "[bug-wget] 20160824 Re: Wget - acess list bypass / race condition PoC", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html"}, {"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2086-1] wget security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-7098", "datePublished": "2016-09-26T14:00:00", "dateReserved": "2016-08-26T00:00:00", "dateUpdated": "2020-01-29T23:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", "matchCriteriaId": "32DFE38D-9B34-411B-B5A2-333F3CDAA9B8", "versionEndIncluding": "1.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open."}, {"lang": "es", "value": "Condici\u00f3n de carrera en wget1.17 y versiones anteriores, cuando es utilizado en modo recursivo o de reflejo para descargar un \u00fanico archivo, podr\u00eda permitir a servidores remotos eludir las restricciones de lista destinadas al acceso manteniendo una conexi\u00f3n HTTP abierta."}], "id": "CVE-2016-7098", "lastModified": "2017-09-03T01:29:12.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-26T14:59:08.273", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List"], "url": "http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/08/27/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/93157"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html"}, {"source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/40824/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}