{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.openssh.com/txt/x11fwd.adv", "refsource": "CONFIRM", "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", "refsource": "MISC", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", "refsource": "CONFIRM", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", "refsource": "CONFIRM", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"name": "https://bto.bluecoat.com/security-advisory/sa121", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:47:57.380Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3115", "datePublished": "2016-03-22T10:00:00", "dateReserved": "2016-03-10T00:00:00", "dateUpdated": "2024-08-05T23:47:57.380Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*", "matchCriteriaId": "0CA7032F-2B28-4AF4-B32B-910FE289A845", "versionEndIncluding": "7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a trav\u00e9s del redireccionamiento de datos X11 manipulados, relacionadas con las funciones (1) do_authenticated1 y (2) session_x11_req."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "id": "CVE-2016-3115", "lastModified": "2018-09-11T10:29:01.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-22T10:59:02.917", "references": [{"source": "cve@mitre.org", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"source": "cve@mitre.org", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/84314"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035249"}, {"source": "cve@mitre.org", "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"source": "cve@mitre.org", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-18"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/39569/"}, {"source": "cve@mitre.org", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0466", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssh-0:5.3p1-114.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-21T00:00:00Z"}, {"advisory": "RHSA-2016:0465", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssh-0:6.6.1p1-25.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-03-21T00:00:00Z"}], "bugzilla": {"description": "openssh: missing sanitisation of input for X11 forwarding", "id": "1316829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.", "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions."], "mitigation": {"lang": "en:us", "value": "Set X11Forwarding=no in sshd_config.\nFor authorized_keys that specify a \"command\" restriction, this issue can be mitigated by also setting the \"no-X11-forwarding\" restriction. In OpenSSH 7.2 and later, the \"restrict\" restriction can be used instead, which includes the \"no-X11-forwarding\" restriction."}, "name": "CVE-2016-3115", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-3115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3115\nhttp://www.openssh.com/txt/x11fwd.adv"], "threat_severity": "Moderate", "upstream_fix": "openssh 7.2p2"}