CVE-2016-5725
⚪ For information
A vulnerability in JCraft JSch allows remote SFTP servers to write to arbitrary files.
CVSS
5.9
EPSS
26.7%
Exploit
none
Vendor
jcraft
Source description (NVD)
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
path-traversal
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.9 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploitation probability) | 26.7% |
| Published (NVD) | 2017-01-19 22:59:00 UTC |
| Last modified (NVD) | 2026-05-13 00:24:29 UTC |
References
- http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html (cve@mitre.org) [Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2016/Sep/53 (cve@mitre.org) [Mailing List, Third Party Advisory]
- http://www.jcraft.com/jsch/ChangeLog (cve@mitre.org) [Release Notes]
- http://www.securityfocus.com/bid/93100 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://access.redhat.com/errata/RHSA-2017:3115 (cve@mitre.org)
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 (cve@mitre.org) [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html (cve@mitre.org)
- https://www.exploit-db.com/exploits/40411/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://www.oracle.com/security-alerts/cpuApr2021.html (cve@mitre.org)
- https://www.oracle.com/security-alerts/cpujan2021.html (cve@mitre.org)
- https://www.oracle.com/security-alerts/cpuoct2020.html (cve@mitre.org)