CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Published : 2018-08-17 19:29 Updated : 2019-08-06 17:15

CVSS Score: 5.0 / 10
Vendor Product Version URI
Netapp Aff Baseboard Management Controller - cpe:/a:netapp:aff_baseboard_management_controller:-
Netapp Cloud Backup - cpe:/a:netapp:cloud_backup:-
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
Netapp Fas Baseboard Management Controller - cpe:/a:netapp:fas_baseboard_management_controller:-
Netapp Ontap Select Deploy - cpe:/a:netapp:ontap_select_deploy:-
Netapp Service Processor - cpe:/a:netapp:service_processor:-
Netapp Steelstore Cloud Integrated Storage - cpe:/a:netapp:steelstore_cloud_integrated_storage:-
Openbsd Openssh 7.7 cpe:/a:openbsd:openssh:7.7
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Netapp Clustered Data Ontap - cpe:/o:netapp:clustered_data_ontap:-
Netapp Cn1610 Firmware - cpe:/o:netapp:cn1610_firmware:-
Netapp Data Ontap - cpe:/o:netapp:data_ontap:-::~~~7-mode~~
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0

CWE

ID Name Description
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

History of changes

Date Event
2019-08-06 17:15
2019-04-16 20:17
2019-04-09 10:29
2018-12-05 11:29
2018-11-07 11:29
2018-11-02 10:29
2018-10-20 10:29
2018-10-17 10:29
2018-10-16 13:26
2018-08-28 10:29
2018-08-24 10:29
2018-08-23 10:29
2018-08-22 10:29
2018-08-18 10:29
2018-08-17 19:29 New CVE