CVE-2004-0175

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

Published : 2004-08-18 04:00 Updated : 2017-10-11 01:29

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
  1. Openbsd (1) Search CVE
    1. Openssh (15) Search CVE
      1. 3.4p1
      2. 3.0.1
      3. 3.3
      4. 3.4
      5. 3.0.2
      6. 3.3p1
      7. 3.1
      8. 3.2
      9. 3.0
      10. 3.0p1
      11. 3.0.2p1
      12. 3.1p1
      13. 3.0.1p1
      14. 3.2.2p1
      15. 3.2.3p1

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2017-07-11 14:36
2004-08-18 04:00

New CVE