cvelistv5 - CVE-2016-5725

CVE-2016-5725 (GCVE-0-2016-5725)

Vulnerability from cvelistv5 – Published: 2017-01-19 22:00 – Updated: 2024-08-06 01:07

Summary

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2016/Sep/53	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/93100	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:3115	vendor-advisoryx_refsource_REDHAT
	https://www.exploit-db.com/exploits/40411/	exploitx_refsource_EXPLOIT-DB
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	http://packetstormsecurity.com/files/138809/jsch-…	x_refsource_MISC
	https://github.com/tintinweb/pub/tree/master/pocs…	x_refsource_MISC
	http://www.jcraft.com/jsch/ChangeLog	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
          },
          {
            "name": "93100",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93100"
          },
          {
            "name": "RHSA-2017:3115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3115"
          },
          {
            "name": "40411",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40411/"
          },
          {
            "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.jcraft.com/jsch/ChangeLog"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
        },
        {
          "name": "93100",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93100"
        },
        {
          "name": "RHSA-2017:3115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        },
        {
          "name": "40411",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40411/"
        },
        {
          "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.jcraft.com/jsch/ChangeLog"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
            },
            {
              "name": "93100",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93100"
            },
            {
              "name": "RHSA-2017:3115",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3115"
            },
            {
              "name": "40411",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40411/"
            },
            {
              "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
            },
            {
              "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
              "refsource": "MISC",
              "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
            },
            {
              "name": "http://www.jcraft.com/jsch/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.jcraft.com/jsch/ChangeLog"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5725",
    "datePublished": "2017-01-19T22:00:00",
    "dateReserved": "2016-06-18T00:00:00",
    "dateUpdated": "2024-08-06T01:07:59.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.1.53\", \"matchCriteriaId\": \"34183875-C885-4586-9705-124BAD50B3A6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\\\ (dot dot backslash) in a response to a recursive GET command.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en JCraft JSch en versiones anteriores a 0.1.54 en Windows, cuando el modo es ChannelSftp.OVERWRITE, permite a servidores SFTP remotos escribir a archivos arbitrarios a trav\\u00e9s de una .. \\\\ (punto punto barra hacia atr\\u00e1s) en una respuesta a un comando GET recursivo.\"}]",
      "id": "CVE-2016-5725",
      "lastModified": "2024-11-21T02:54:53.767",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-19T22:59:00.150",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2016/Sep/53\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.jcraft.com/jsch/ChangeLog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"http://www.securityfocus.com/bid/93100\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3115\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/40411/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2016/Sep/53\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.jcraft.com/jsch/ChangeLog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"http://www.securityfocus.com/bid/93100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40411/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5725\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-19T22:59:00.150\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\\\ (dot dot backslash) in a response to a recursive GET command.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en JCraft JSch en versiones anteriores a 0.1.54 en Windows, cuando el modo es ChannelSftp.OVERWRITE, permite a servidores SFTP remotos escribir a archivos arbitrarios a trav\u00e9s de una .. \\\\ (punto punto barra hacia atr\u00e1s) en una respuesta a un comando GET recursivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.1.53\",\"matchCriteriaId\":\"34183875-C885-4586-9705-124BAD50B3A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Sep/53\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.jcraft.com/jsch/ChangeLog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/93100\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3115\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/40411/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Sep/53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.jcraft.com/jsch/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/93100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40411/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-Q446-82VQ-W674

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-07-06 19:44

Summary

Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.1.53"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.jcraft:jsch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-5725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T19:44:21Z",
    "nvd_published_at": "2017-01-19T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
  "id": "GHSA-q446-82vq-w674",
  "modified": "2022-07-06T19:44:21Z",
  "published": "2022-05-13T01:09:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40411"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
    },
    {
      "type": "WEB",
      "url": "http://www.jcraft.com/jsch/ChangeLog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch"
}

GSD-2016-5725

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-5725

Aliases

CVE-2016-5725

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5725",
    "description": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
    "id": "GSD-2016-5725",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-5725.html",
      "https://access.redhat.com/errata/RHSA-2017:3115",
      "https://advisories.mageia.org/CVE-2016-5725.html",
      "https://packetstormsecurity.com/files/cve/CVE-2016-5725"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5725"
      ],
      "details": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
      "id": "GSD-2016-5725",
      "modified": "2023-12-13T01:21:25.547056Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-5725",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
          },
          {
            "name": "93100",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93100"
          },
          {
            "name": "RHSA-2017:3115",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3115"
          },
          {
            "name": "40411",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40411/"
          },
          {
            "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
          },
          {
            "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
            "refsource": "MISC",
            "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
          },
          {
            "name": "http://www.jcraft.com/jsch/ChangeLog",
            "refsource": "CONFIRM",
            "url": "http://www.jcraft.com/jsch/ChangeLog"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,0.1.53]",
          "affected_versions": "All versions up to 0.1.53",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-07-06",
          "description": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
          "fixed_versions": [
            "0.1.54"
          ],
          "identifier": "CVE-2016-5725",
          "identifiers": [
            "GHSA-q446-82vq-w674",
            "CVE-2016-5725"
          ],
          "not_impacted": "All versions after 0.1.53",
          "package_slug": "maven/com.jcraft/jsch",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 0.1.54 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
            "https://access.redhat.com/errata/RHSA-2017:3115",
            "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
            "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html",
            "https://www.exploit-db.com/exploits/40411/",
            "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "https://www.oracle.com/security-alerts/cpujan2021.html",
            "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
            "http://seclists.org/fulldisclosure/2016/Sep/53",
            "http://www.jcraft.com/jsch/ChangeLog",
            "https://github.com/advisories/GHSA-q446-82vq-w674"
          ],
          "uuid": "d17468c3-6a4c-41d2-8007-7aab8c6c4372"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "0.1.53",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5725"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40411",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40411/"
            },
            {
              "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
            },
            {
              "name": "93100",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93100"
            },
            {
              "name": "http://www.jcraft.com/jsch/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes"
              ],
              "url": "http://www.jcraft.com/jsch/ChangeLog"
            },
            {
              "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
            },
            {
              "name": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
            },
            {
              "name": "RHSA-2017:3115",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3115"
            },
            {
              "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-14T18:15Z",
      "publishedDate": "2017-01-19T22:59Z"
    }
  }
}

WID-SEC-W-2023-0720

Vulnerability from csaf_certbund - Published: 2017-11-02 23:00 - Updated: 2023-03-22 23:00

Summary

Red Hat JBoss: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB). JBoss A-MQ ist eine Messaging-Plattform.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).\r\nJBoss A-MQ ist eine Messaging-Plattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0720 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-0720.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0720 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0720"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6965698 vom 2023-03-23",
        "url": "https://www.ibm.com/support/pages/node/6965698"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3115 vom 2017-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2017:3115"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2184 vom 2020-04-25",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00017.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat JBoss: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-03-22T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:08.056+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0720",
      "initial_release_date": "2017-11-02T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-11-02T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-11-02T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-04-26T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-03-22T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Tivoli Network Manager 4.2.0",
            "product": {
              "name": "IBM Tivoli Network Manager 4.2.0",
              "product_id": "T025751",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat JBoss A-MQ 6.3",
            "product": {
              "name": "Red Hat JBoss A-MQ 6.3",
              "product_id": "T008598",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_amq:6.3"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat JBoss Fuse 6.3",
            "product": {
              "name": "Red Hat JBoss Fuse 6.3",
              "product_id": "T008597",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_fuse:6.3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3254",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle besteht in den Apache Thrift Client-Bibliotheken. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um eine unendliche Rekursion (infinite recursion) \u00fcber Vektoren mit der Skip-Funktion zu verursachen und in der Folge einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00.000+00:00",
      "title": "CVE-2015-3254"
    },
    {
      "cve": "CVE-2016-5725",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Berechtigungen in JSch. Ein Angreifer kann dieses zu einem Path Traversal Angriff nutzen und in der Folge beliebige Dateien \u00fcberschreiben. Zur erfolgreichen Ausnutzung dieser Schwachstelle ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-5725"
    },
    {
      "cve": "CVE-2016-9878",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Zugriffsberechtigungen im ResourceServlet im Spring Framework. Ein Angreifer kann dieses zu einem \"Path Traversal\" nutzen und in der Folge vertrauliche Informationen offenlegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00.000+00:00",
      "title": "CVE-2016-9878"
    }
  ]
}

RHSA-2017:3115

Vulnerability from csaf_redhat - Published: 2017-11-02 20:08 - Updated: 2025-11-21 18:02

Summary

Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update

Notes

Topic

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Security Fix(es): * It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878) * A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254) * A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878)\n\n* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)\n\n* A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:3115",
        "url": "https://access.redhat.com/errata/RHSA-2017:3115"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/",
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/"
      },
      {
        "category": "external",
        "summary": "1375941",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
      },
      {
        "category": "external",
        "summary": "1408164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
      },
      {
        "category": "external",
        "summary": "1462783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3115.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T18:02:47+00:00",
      "generator": {
        "date": "2025-11-21T18:02:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2017:3115",
      "initial_release_date": "2017-11-02T20:08:36+00:00",
      "revision_history": [
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:02:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss A-MQ 6.3",
                "product": {
                  "name": "Red Hat JBoss A-MQ 6.3",
                  "product_id": "Red Hat JBoss A-MQ 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:6.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Fuse 6.3",
                "product": {
                  "name": "Red Hat JBoss Fuse 6.3",
                  "product_id": "Red Hat JBoss Fuse 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:6.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3254",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1462783"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "thrift: Infinite recursion via vectors involving the skip function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "RHBZ#1462783",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
        }
      ],
      "release_date": "2015-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "thrift: Infinite recursion via vectors involving the skip function"
    },
    {
      "cve": "CVE-2016-5725",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-09-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1375941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsch: ChannelSftp path traversal vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "RHBZ#1375941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
        }
      ],
      "release_date": "2016-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsch: ChannelSftp path traversal vulnerability"
    },
    {
      "cve": "CVE-2016-9878",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1408164"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Framework: Directory Traversal in the Spring Framework ResourceServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "RHBZ#1408164",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://pivotal.io/security/cve-2016-9878",
          "url": "https://pivotal.io/security/cve-2016-9878"
        }
      ],
      "release_date": "2016-12-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Framework: Directory Traversal in the Spring Framework ResourceServlet"
    }
  ]
}

RHSA-2017_3115

Vulnerability from csaf_redhat - Published: 2017-11-02 20:08 - Updated: 2024-11-22 11:30

Summary

Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878)\n\n* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)\n\n* A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:3115",
        "url": "https://access.redhat.com/errata/RHSA-2017:3115"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/",
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/"
      },
      {
        "category": "external",
        "summary": "1375941",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
      },
      {
        "category": "external",
        "summary": "1408164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
      },
      {
        "category": "external",
        "summary": "1462783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3115.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T11:30:39+00:00",
      "generator": {
        "date": "2024-11-22T11:30:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2017:3115",
      "initial_release_date": "2017-11-02T20:08:36+00:00",
      "revision_history": [
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T11:30:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss A-MQ 6.3",
                "product": {
                  "name": "Red Hat JBoss A-MQ 6.3",
                  "product_id": "Red Hat JBoss A-MQ 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:6.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Fuse 6.3",
                "product": {
                  "name": "Red Hat JBoss Fuse 6.3",
                  "product_id": "Red Hat JBoss Fuse 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:6.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3254",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1462783"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "thrift: Infinite recursion via vectors involving the skip function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "RHBZ#1462783",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
        }
      ],
      "release_date": "2015-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "thrift: Infinite recursion via vectors involving the skip function"
    },
    {
      "cve": "CVE-2016-5725",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-09-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1375941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsch: ChannelSftp path traversal vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "RHBZ#1375941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
        }
      ],
      "release_date": "2016-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsch: ChannelSftp path traversal vulnerability"
    },
    {
      "cve": "CVE-2016-9878",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1408164"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Framework: Directory Traversal in the Spring Framework ResourceServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "RHBZ#1408164",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://pivotal.io/security/cve-2016-9878",
          "url": "https://pivotal.io/security/cve-2016-9878"
        }
      ],
      "release_date": "2016-12-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Framework: Directory Traversal in the Spring Framework ResourceServlet"
    }
  ]
}

CNVD-2016-08240

Vulnerability from cnvd - Published: 2016-09-28

Title

JCraft JSch目录遍历漏洞

Description

JCraft JSch是日本JCraft公司的一套用于连接到sshd服务器的安全信道。 JCraft JSch 0.1.53之前的版本中存在目录遍历漏洞，攻击者可通过发送带有目录遍历字符‘..’的请求，利用该漏洞覆盖应用程序中的任意文件。

Severity

中

Patch Name

JCraft JSch目录遍历漏洞的补丁

Patch Description

JCraft JSch是日本JCraft公司的一套用于连接到sshd服务器的安全信道。 JCraft JSch 0.1.53之前的版本中存在目录遍历漏洞，攻击者可通过发送带有目录遍历字符‘..’的请求，利用该漏洞覆盖应用程序中的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.jcraft.com/jsch/ChangeLog

Reference

http://www.securityfocus.com/bid/93100

Impacted products

Name
JCraft JSch <0.1.53

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93100"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5725"
    }
  },
  "description": "JCraft JSch\u662f\u65e5\u672cJCraft\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u8fde\u63a5\u5230sshd\u670d\u52a1\u5668\u7684\u5b89\u5168\u4fe1\u9053\u3002\r\n\r\nJCraft JSch 0.1.53\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u76ee\u5f55\u904d\u5386\u5b57\u7b26\u2018..\u2019\u7684\u8bf7\u6c42\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "tintinweb",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.jcraft.com/jsch/ChangeLog",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08240",
  "openTime": "2016-09-28",
  "patchDescription": "JCraft JSch\u662f\u65e5\u672cJCraft\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u8fde\u63a5\u5230sshd\u670d\u52a1\u5668\u7684\u5b89\u5168\u4fe1\u9053\u3002\r\n\r\nJCraft JSch 0.1.53\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u76ee\u5f55\u904d\u5386\u5b57\u7b26\u2018..\u2019\u7684\u8bf7\u6c42\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "JCraft JSch\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "JCraft JSch \u003c0.1.53"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93100",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-27",
  "title": "JCraft JSch\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

SUSE-SU-2017:0715-1

Vulnerability from csaf_suse - Published: 2017-03-17 07:36 - Updated: 2017-03-17 07:36

Summary

Security update for jsch

Notes

Title of the patch

Security update for jsch

Description of the patch

This update for jsch to version 0.1.54 fixes the following issues: Security issues fixed: - CVE-2016-5725: recursive sftp get client-side windows path traversal (bsc#997542). Bugfixes: - sftp-put may send the garbage data in some rare case. - fixed a deadlock bug in KnownHosts#getHostKey(). - SftpProgressMonitor#init() was not invoked in sftp-put by using the output-stream. - KnownHosts#setKnownHosts() should accept the non-existing file. - excluding the user interaction time from the timeout value. - addressing SFTP slow file transfer speed with Titan FTP. - updating copyright messages; 2015 -> 2016

Patchnames

SUSE-SUSE-Manager-Server-3.0-2017-391

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for jsch",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for jsch to version 0.1.54 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-5725: recursive sftp get client-side windows path traversal (bsc#997542).\n\nBugfixes:\n- sftp-put may send the garbage data in some rare case.\n- fixed a deadlock bug in KnownHosts#getHostKey().\n- SftpProgressMonitor#init() was not invoked in sftp-put by using the output-stream.\n- KnownHosts#setKnownHosts() should accept the non-existing file.\n- excluding the user interaction time from the timeout value.\n- addressing SFTP slow file transfer speed with Titan FTP.\n- updating copyright messages; 2015 -\u003e 2016\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SUSE-Manager-Server-3.0-2017-391",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0715-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0715-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170715-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0715-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-March/002702.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 997542",
        "url": "https://bugzilla.suse.com/997542"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5725 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5725/"
      }
    ],
    "title": "Security update for jsch",
    "tracking": {
      "current_release_date": "2017-03-17T07:36:39Z",
      "generator": {
        "date": "2017-03-17T07:36:39Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0715-1",
      "initial_release_date": "2017-03-17T07:36:39Z",
      "revision_history": [
        {
          "date": "2017-03-17T07:36:39Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jsch-0.1.54-3.1.noarch",
                "product": {
                  "name": "jsch-0.1.54-3.1.noarch",
                  "product_id": "jsch-0.1.54-3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Server 3.0",
                "product": {
                  "name": "SUSE Manager Server 3.0",
                  "product_id": "SUSE Manager Server 3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:3.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jsch-0.1.54-3.1.noarch as component of SUSE Manager Server 3.0",
          "product_id": "SUSE Manager Server 3.0:jsch-0.1.54-3.1.noarch"
        },
        "product_reference": "jsch-0.1.54-3.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5725",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5725"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 3.0:jsch-0.1.54-3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5725",
          "url": "https://www.suse.com/security/cve/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 997542 for CVE-2016-5725",
          "url": "https://bugzilla.suse.com/997542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 3.0:jsch-0.1.54-3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Server 3.0:jsch-0.1.54-3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-17T07:36:39Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5725"
    }
  ]
}

FKIE_CVE-2016-5725

Vulnerability from fkie_nvd - Published: 2017-01-19 22:59 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2016/Sep/53	Mailing List, Third Party Advisory
cve@mitre.org	http://www.jcraft.com/jsch/ChangeLog	Release Notes
cve@mitre.org	http://www.securityfocus.com/bid/93100	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2017:3115
cve@mitre.org	https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html
cve@mitre.org	https://www.exploit-db.com/exploits/40411/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.oracle.com/security-alerts/cpuApr2021.html
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2021.html
cve@mitre.org	https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Sep/53	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.jcraft.com/jsch/ChangeLog	Release Notes
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93100	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:3115
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40411/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html

Impacted products

	Vendor	Product	Version
	jcraft	jsch	*
	microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34183875-C885-4586-9705-124BAD50B3A6",
              "versionEndIncluding": "0.1.53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en JCraft JSch en versiones anteriores a 0.1.54 en Windows, cuando el modo es ChannelSftp.OVERWRITE, permite a servidores SFTP remotos escribir a archivos arbitrarios a trav\u00e9s de una .. \\ (punto punto barra hacia atr\u00e1s) en una respuesta a un comando GET recursivo."
    }
  ],
  "id": "CVE-2016-5725",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-19T22:59:00.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.jcraft.com/jsch/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93100"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40411/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.jcraft.com/jsch/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40411/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5725 (GCVE-0-2016-5725)

Tags

Sightings

Nomenclature