{"id":"CVE-2016-7098","details":"Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.","modified":"2026-04-16T06:15:15.472704669Z","published":"2016-09-26T14:59:08.273Z","related":["SUSE-SU-2016:2358-1","SUSE-SU-2016:3268-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/93157"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/40824/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/08/27/2"},{"type":"ARTICLE","url":"http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html"},{"type":"EVIDENCE","url":"http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.17"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7098.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}