{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-6111", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2022-12-13T00:00:00", "dateReserved": "2019-01-10T00:00:00", "datePublished": "2019-01-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "DSA-4387", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"name": "106741", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/106741"}, {"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"name": "USN-3885-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3885-1/"}, {"name": "USN-3885-2", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3885-2/"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"name": "46193", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"name": "GLSA-201903-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"name": "FEDORA-2019-0f4190cdb0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"name": "openSUSE-SU-2019:1602", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"name": "FreeBSD-EN-19:10", "tags": ["vendor-advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "RHSA-2019:3702", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-01-31T00:00:00"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93F5251-820D-4345-8DDE-CCBBE069A9C1", "versionEndIncluding": "5.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF6C1E77-7C54-4825-A35C-5AE7369267F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "986856F8-40BE-412F-A4F0-902D4820C3E3", "versionEndExcluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287", "versionEndExcluding": "xcp2361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", "versionEndExcluding": "xcp3070", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."}, {"lang": "es", "value": "Se ha descubierto un problema en OpenSSH 7.9. Debido a que la implementaci\u00f3n de SCP deriva del rcp 1983, el servidor elige qu\u00e9 archivos/directorios se est\u00e1n enviando al cliente. Sin embargo, el cliente scp solo realiza la validaci\u00f3n superficial del nombre de objeto devuelto (solo se evitan los ataques de salto de directorio). Un servidor scp malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en el directorio objetivo del cliente scp. Si se realiza la operaci\u00f3n recursiva (-r), el servidor tambi\u00e9n puede manipular subdirectorios (por ejemplo, para sobrescribir el archivo .ssh/authorized_keys)"}], "id": "CVE-2019-6111", "lastModified": "2023-11-07T03:13:05.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-31T18:29:00.867", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106741"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3702"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3885-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4387"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46193/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}