Back to list
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
Nov 24 2016 03:52AM
Dawid Golunski (dawid legalhackers com)
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition
Discovered by: Dawid Golunski (@dawid_golunski)
GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerability that might allow remote attackers
to bypass intended wget access list restrictions specified with -A parameter.
This might allow attackers to place malicious/restricted files onto the system.
Depending on the application / download directory, this could potentially lead
to other vulnerabilities such as code execution etc.
The full advisory and a PoC exploit can be found at:
For updates, follow:
[ reply ]
Copyright 2010, SecurityFocus