Short Name |
HTTP:GNU-WGET-SB |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
GNU Wget CVE-2016-7098 Security Bypass |
Release Date |
2017/01/19 |
Update Number |
2822 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against GNU Wget. An attacker can exploit this issue to bypass the security mechanism and perform unauthorized actions.
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.