{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-6111", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-12-18T14:35:00.730Z", "dateReserved": "2019-01-10T00:00:00.000Z", "datePublished": "2019-01-31T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "DSA-4387", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"name": "106741", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/106741"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"name": "USN-3885-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3885-1/"}, {"name": "USN-3885-2", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3885-2/"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "46193", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"name": "FEDORA-2019-0f4190cdb0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"name": "openSUSE-SU-2019:1602", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"name": "FreeBSD-EN-19:10", "tags": ["vendor-advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "RHSA-2019:3702", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-01-31T00:00:00.000Z"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:23.623Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4387", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "tags": ["x_transferred"]}, {"name": "106741", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/106741"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "tags": ["x_transferred"]}, {"name": "USN-3885-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/3885-1/"}, {"name": "USN-3885-2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/3885-2/"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", "tags": ["x_transferred"]}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "tags": ["x_transferred"]}, {"name": "46193", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"name": "FEDORA-2019-0f4190cdb0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"name": "openSUSE-SU-2019:1602", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"name": "FreeBSD-EN-19:10", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_transferred"]}, {"name": "RHSA-2019:3702", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T14:34:56.672827Z", "id": "CVE-2019-6111", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T14:35:00.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.debian.org/security/2019/dsa-4387", "name": "DSA-4387", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20190213-0001/", "tags": ["x_transferred"]}, {"url": "http://www.securityfocus.com/bid/106741", "name": "106741", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/3885-1/", "name": "USN-3885-1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://usn.ubuntu.com/3885-2/", "name": "USN-3885-2", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794", "tags": ["x_transferred"]}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "tags": ["x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46193/", "name": "46193", "tags": ["exploit", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201903-16", "name": "GLSA-201903-16", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1", "name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", "name": "FEDORA-2019-0f4190cdb0", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "name": "openSUSE-SU-2019:1602", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", "name": "FreeBSD-EN-19:10", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3702", "name": "RHSA-2019:3702", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1", "name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:23.623Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-6111", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T14:34:56.672827Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T14:33:15.839Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-31T00:00:00.000Z", "references": [{"url": "https://www.debian.org/security/2019/dsa-4387", "name": "DSA-4387", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"url": "http://www.securityfocus.com/bid/106741", "name": "106741", "tags": ["vdb-entry"]}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"url": "https://usn.ubuntu.com/3885-1/", "name": "USN-3885-1", "tags": ["vendor-advisory"]}, {"url": "https://usn.ubuntu.com/3885-2/", "name": "USN-3885-2", "tags": ["vendor-advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"url": "https://www.exploit-db.com/exploits/46193/", "name": "46193", "tags": ["exploit"]}, {"url": "https://security.gentoo.org/glsa/201903-16", "name": "GLSA-201903-16", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html", "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1", "name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/", "name": "FEDORA-2019-0f4190cdb0", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html", "name": "openSUSE-SU-2019:1602", "tags": ["vendor-advisory"]}, {"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc", "name": "FreeBSD-EN-19:10", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E", "name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3702", "name": "RHSA-2019:3702", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1", "name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", "tags": ["mailing-list"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2019-6111", "state": "PUBLISHED", "dateUpdated": "2025-12-18T14:35:00.730Z", "dateReserved": "2019-01-10T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-01-31T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93F5251-820D-4345-8DDE-CCBBE069A9C1", "versionEndIncluding": "5.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF6C1E77-7C54-4825-A35C-5AE7369267F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "986856F8-40BE-412F-A4F0-902D4820C3E3", "versionEndExcluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."}, {"lang": "es", "value": "Se ha descubierto un problema en OpenSSH 7.9. Debido a que la implementaci\u00f3n de SCP deriva del rcp 1983, el servidor elige qu\u00e9 archivos/directorios se est\u00e1n enviando al cliente. Sin embargo, el cliente scp solo realiza la validaci\u00f3n superficial del nombre de objeto devuelto (solo se evitan los ataques de salto de directorio). Un servidor scp malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en el directorio objetivo del cliente scp. Si se realiza la operaci\u00f3n recursiva (-r), el servidor tambi\u00e9n puede manipular subdirectorios (por ejemplo, para sobrescribir el archivo .ssh/authorized_keys)"}], "id": "CVE-2019-6111", "lastModified": "2025-12-18T15:15:48.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-01-31T18:29:00.867", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106741"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:3702", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "openssh-0:8.0p1-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3702", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openssh-0:8.0p1-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "openssh: Improper validation of object names allows malicious server to overwrite files via scp client", "id": "1666127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666127"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."], "mitigation": {"lang": "en:us", "value": "This issue only affects the users of scp binary which is a part of openssh-clients package. Other usage of SSH protocol or other ssh clients is not affected. Administrators can uninstall openssh-clients for additional protection against accidental usage of this binary. Removal of openssh-clients package will make the packaged binaries like scp, ssh etc unavailable. \nNote: This flaw requires a malicious MITM scp server for exploitation. Use cases where trusted SCP servers are used are not affected by this flaw."}, "name": "CVE-2019-6111", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2018-11-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6111\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6111\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"], "statement": "This issue affects the scp client shipped with openssh. The SSH protocol or the SSH client is not affected. For more detailed analysis please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1666127#c2", "threat_severity": "Moderate"}

{}