CVE-2016-7098

🗓️ 26 Sep 2016 14:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 134 Views🌐 WEB

Wget 1.17 and earlier allows remote servers to bypass access list restrictions via a race condition in recursive or mirroring mode.

Reporter	Title	Published	Views	Family All 57
0day.today	GNU Wget < 1.18 - Access List Bypass / Race Condition Vulnerabilities	24 Nov 201600:00	–	zdt
FreeBSD	wget -- Access List Bypass / Race Condition	24 Nov 201600:00	–	freebsd
Broadcom	BSA-2017-214	31 Mar 201700:00	–	broadcom
Cloud Foundry	USN-3464-1: Wget vulnerabilities \| Cloud Foundry	27 Nov 201700:00	–	cloudfoundry
Circl	CVE-2016-7098	24 Nov 201600:00	–	circl
CNVD	GNU wget Competitive Conditions Vulnerability	28 Sep 201600:00	–	cnvd
Cvelist	CVE-2016-7098	26 Sep 201614:00	–	cvelist
Debian	[SECURITY] [DLA 2086-1] wget security update	29 Jan 202021:58	–	debian
Debian CVE	CVE-2016-7098	26 Sep 201614:00	–	debiancve
Tenable Nessus	Debian DLA-2086-1 : wget security update	30 Jan 202000:00	–	nessus

NVD

Node

gnu wgetRange≤1.17

Source	Link
openwall	www.openwall.com/lists/oss-security/2016/08/27/2
lists	www.lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html
securityfocus	www.securityfocus.com/bid/93157
lists	www.lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html
exploit-db	www.exploit-db.com/exploits/40824/
lists	www.lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
lists	www.lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
lists	www.lists.debian.org/debian-lts-announce/2020/01/msg00031.html

Parameter	Position	Path	Description	CWE
imgurl	query param	victimsvr/image_importer.php	Vulnerable PHP app using wget in recursive mode allows bypass of access restrictions via -A when processing a single file (race condition).	CWE-362
cmd	query param	victimsvr/image_uploads/webshell.php	Webshell executable uploaded during the race condition PoC can be triggered via a cmd parameter in a GET request.	CWE-362

06 May 2026 22:30Current

7.8High risk

Vulners AI Score7.8

CVSS 26.8

CVSS 38.1

EPSS0.06681