CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Published : 2019-01-31 18:29 Updated : 2019-04-18 15:27

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Openbsd Openssh 7.9 cpe:/a:openbsd:openssh:7.9
Winscp Winscp 5.13 cpe:/a:winscp:winscp:5.13
Netapp Element Software - cpe:/a:netapp:element_software:-
Netapp Ontap Select Deploy - cpe:/a:netapp:ontap_select_deploy:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
  1. Netapp (3) Search CVE
    1. Element Software (1) Search CVE
      1. -
    2. Storage Automation Store (1) Search CVE
      1. -
    3. Ontap Select Deploy (1) Search CVE
      1. -
  2. Winscp (1) Search CVE
    1. Winscp (1) Search CVE
      1. 5.13
  3. Openbsd (1) Search CVE
    1. Openssh (1) Search CVE
      1. 7.9

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes

Date Event
2019-04-18 15:27
2019-03-21 16:01
2019-02-27 14:23
2019-02-14 11:29
2019-02-05 16:50
2019-02-01 11:29
2019-01-31 18:29

New CVE