CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

Published: 2019-01-31 18:29
Updated: 2019-05-04 02:29

CVSS Score: 4.0 / 10

Vendor | Product | Version | URI
--- | --- | --- | ---
Openbsd | Openssh | 7.9 | cpe:/a:openbsd:openssh:7.9
Winscp | Winscp | 5.13 | cpe:/a:winscp:winscp:5.13
Netapp | Element Software | - | cpe:/a:netapp:element_software:-
Netapp | Ontap Select Deploy | - | cpe:/a:netapp:ontap_select_deploy:-
Netapp | Storage Automation Store | - | cpe:/a:netapp:storage_automation_store:-
Canonical | Ubuntu Linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical | Ubuntu Linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical | Ubuntu Linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical | Ubuntu Linux | 18.10 | cpe:/o:canonical:ubuntu_linux:18.10
Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0
Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0

CWE

ID | Name | Description
--- | --- | ---
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

History of changes

Date Event
2019-05-04 02:29
2019-03-25 16:29
2019-03-21 16:01
2019-02-26 21:30
2019-02-14 11:29
2019-02-10 11:29
2019-02-09 11:29
2019-02-05 16:57
2019-02-01 14:29
2019-01-31 18:29

New CVE