cvelistv5 - cve-2016-5725

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2016/Sep/53	Mailing List, Third Party Advisory
cve@mitre.org	http://www.jcraft.com/jsch/ChangeLog	Release Notes
cve@mitre.org	http://www.securityfocus.com/bid/93100	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2017:3115
cve@mitre.org	https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html
cve@mitre.org	https://www.exploit-db.com/exploits/40411/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.oracle.com/security-alerts/cpuApr2021.html
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2021.html
cve@mitre.org	https://www.oracle.com/security-alerts/cpuoct2020.html

▼	Vendor	Product
	n/a	n/a

ghsa-q446-82vq-w674

Vulnerability from github

Published

2022-05-13 01:09

Modified

2022-07-06 19:44

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch

Details

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.1.53"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.jcraft:jsch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-5725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T19:44:21Z",
    "nvd_published_at": "2017-01-19T22:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
  "id": "GHSA-q446-82vq-w674",
  "modified": "2022-07-06T19:44:21Z",
  "published": "2022-05-13T01:09:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40411"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
    },
    {
      "type": "WEB",
      "url": "http://www.jcraft.com/jsch/ChangeLog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch"
}

wid-sec-w-2023-0720

Vulnerability from csaf_certbund

Published

2017-11-02 23:00

Modified

2023-03-22 23:00

Summary

Red Hat JBoss: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB). JBoss A-MQ ist eine Messaging-Plattform.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).\r\nJBoss A-MQ ist eine Messaging-Plattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0720 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-0720.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0720 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0720"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6965698 vom 2023-03-23",
        "url": "https://www.ibm.com/support/pages/node/6965698"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3115 vom 2017-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2017:3115"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2184 vom 2020-04-25",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00017.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat JBoss: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-03-22T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:20:11.903+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0720",
      "initial_release_date": "2017-11-02T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-11-02T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-11-02T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-04-26T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-03-22T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Tivoli Network Manager 4.2.0",
            "product": {
              "name": "IBM Tivoli Network Manager 4.2.0",
              "product_id": "T025751",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat JBoss A-MQ 6.3",
            "product": {
              "name": "Red Hat JBoss A-MQ 6.3",
              "product_id": "T008598",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_amq:6.3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat JBoss Fuse 6.3",
            "product": {
              "name": "Red Hat JBoss Fuse 6.3",
              "product_id": "T008597",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_fuse:6.3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "redhat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3254",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle besteht in den Apache Thrift Client-Bibliotheken. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um eine unendliche Rekursion (infinite recursion) \u00fcber Vektoren mit der Skip-Funktion zu verursachen und in der Folge einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00Z",
      "title": "CVE-2015-3254"
    },
    {
      "cve": "CVE-2016-5725",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Berechtigungen in JSch. Ein Angreifer kann dieses zu einem Path Traversal Angriff nutzen und in der Folge beliebige Dateien \u00fcberschreiben. Zur erfolgreichen Ausnutzung dieser Schwachstelle ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00Z",
      "title": "CVE-2016-5725"
    },
    {
      "cve": "CVE-2016-9878",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Zugriffsberechtigungen im ResourceServlet im Spring Framework. Ein Angreifer kann dieses zu einem \"Path Traversal\" nutzen und in der Folge vertrauliche Informationen offenlegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008598",
          "2951",
          "T025751",
          "T008597"
        ]
      },
      "release_date": "2017-11-02T23:00:00Z",
      "title": "CVE-2016-9878"
    }
  ]
}

gsd-2016-5725

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Aliases

CVE-2016-5725

Aliases

CVE-2016-5725

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5725",
    "description": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
    "id": "GSD-2016-5725",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-5725.html",
      "https://access.redhat.com/errata/RHSA-2017:3115",
      "https://advisories.mageia.org/CVE-2016-5725.html",
      "https://packetstormsecurity.com/files/cve/CVE-2016-5725"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5725"
      ],
      "details": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
      "id": "GSD-2016-5725",
      "modified": "2023-12-13T01:21:25.547056Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-5725",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
          },
          {
            "name": "93100",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93100"
          },
          {
            "name": "RHSA-2017:3115",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3115"
          },
          {
            "name": "40411",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40411/"
          },
          {
            "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
          },
          {
            "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
            "refsource": "MISC",
            "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
          },
          {
            "name": "http://www.jcraft.com/jsch/ChangeLog",
            "refsource": "CONFIRM",
            "url": "http://www.jcraft.com/jsch/ChangeLog"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,0.1.53]",
          "affected_versions": "All versions up to 0.1.53",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-07-06",
          "description": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.",
          "fixed_versions": [
            "0.1.54"
          ],
          "identifier": "CVE-2016-5725",
          "identifiers": [
            "GHSA-q446-82vq-w674",
            "CVE-2016-5725"
          ],
          "not_impacted": "All versions after 0.1.53",
          "package_slug": "maven/com.jcraft/jsch",
          "pubdate": "2022-05-13",
          "solution": "Upgrade to version 0.1.54 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
            "https://access.redhat.com/errata/RHSA-2017:3115",
            "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
            "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html",
            "https://www.exploit-db.com/exploits/40411/",
            "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "https://www.oracle.com/security-alerts/cpujan2021.html",
            "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
            "http://seclists.org/fulldisclosure/2016/Sep/53",
            "http://www.jcraft.com/jsch/ChangeLog",
            "https://github.com/advisories/GHSA-q446-82vq-w674"
          ],
          "uuid": "d17468c3-6a4c-41d2-8007-7aab8c6c4372"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "0.1.53",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5725"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40411",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40411/"
            },
            {
              "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
            },
            {
              "name": "93100",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93100"
            },
            {
              "name": "http://www.jcraft.com/jsch/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes"
              ],
              "url": "http://www.jcraft.com/jsch/ChangeLog"
            },
            {
              "name": "20160921 CVE-2016-5725 - JCraft/JSch Java Secure Channel \u003c= 0.1.53 recursive sftp-get path traversal (client-side, windows)",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Sep/53"
            },
            {
              "name": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html"
            },
            {
              "name": "RHSA-2017:3115",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2017:3115"
            },
            {
              "name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2184-1] jsch security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-14T18:15Z",
      "publishedDate": "2017-01-19T22:59Z"
    }
  }
}

rhsa-2017_3115

Vulnerability from csaf_redhat

Published

2017-11-02 20:08

Modified

2024-11-05 20:15

Summary

Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update

Notes

Topic

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Security Fix(es): * It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878) * A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254) * A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878)\n\n* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)\n\n* A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:3115",
        "url": "https://access.redhat.com/errata/RHSA-2017:3115"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/",
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/"
      },
      {
        "category": "external",
        "summary": "1375941",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
      },
      {
        "category": "external",
        "summary": "1408164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
      },
      {
        "category": "external",
        "summary": "1462783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3115.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-05T20:15:28+00:00",
      "generator": {
        "date": "2024-11-05T20:15:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2017:3115",
      "initial_release_date": "2017-11-02T20:08:36+00:00",
      "revision_history": [
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-11-02T20:08:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T20:15:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss A-MQ 6.3",
                "product": {
                  "name": "Red Hat JBoss A-MQ 6.3",
                  "product_id": "Red Hat JBoss A-MQ 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:6.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Fuse 6.3",
                "product": {
                  "name": "Red Hat JBoss Fuse 6.3",
                  "product_id": "Red Hat JBoss Fuse 6.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:6.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-3254",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1462783"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "thrift: Infinite recursion via vectors involving the skip function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "RHBZ#1462783",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
        }
      ],
      "release_date": "2015-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "thrift: Infinite recursion via vectors involving the skip function"
    },
    {
      "cve": "CVE-2016-5725",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-09-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1375941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsch: ChannelSftp path traversal vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "RHBZ#1375941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
        },
        {
          "category": "external",
          "summary": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
          "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
        }
      ],
      "release_date": "2016-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsch: ChannelSftp path traversal vulnerability"
    },
    {
      "cve": "CVE-2016-9878",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2016-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1408164"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Framework: Directory Traversal in the Spring Framework ResourceServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.3",
          "Red Hat JBoss Fuse 6.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "RHBZ#1408164",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878"
        },
        {
          "category": "external",
          "summary": "https://pivotal.io/security/cve-2016-9878",
          "url": "https://pivotal.io/security/cve-2016-9878"
        }
      ],
      "release_date": "2016-12-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-11-02T20:08:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3115"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.3",
            "Red Hat JBoss Fuse 6.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Framework: Directory Traversal in the Spring Framework ResourceServlet"
    }
  ]
}

Action not permitted

cve-2016-5725

Vulnerability from cvelistv5

ghsa-q446-82vq-w674

Vulnerability from github

wid-sec-w-2023-0720

Vulnerability from csaf_certbund

gsd-2016-5725

Vulnerability from gsd

rhsa-2017_3115

Vulnerability from csaf_redhat

Tags