CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Published : 2019-01-31 18:29 Updated : 2019-04-18 15:27

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Openbsd Openssh 7.9 cpe:/a:openbsd:openssh:7.9
Winscp Winscp 5.13 cpe:/a:winscp:winscp:5.13
Netapp Element Software - cpe:/a:netapp:element_software:-
Netapp Ontap Select Deploy - cpe:/a:netapp:ontap_select_deploy:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
  1. Openbsd (1) Search CVE
    1. Openssh (1) Search CVE
      1. 7.9
  2. Winscp (1) Search CVE
    1. Winscp (1) Search CVE
      1. 5.13
  3. Netapp (3) Search CVE
    1. Storage Automation Store (1) Search CVE
      1. -
    2. Element Software (1) Search CVE
      1. -
    3. Ontap Select Deploy (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes

Date Event
2019-04-18 15:27
2019-03-21 16:01
2019-02-27 14:23
2019-02-14 11:29
2019-02-05 16:50
2019-02-01 11:29
2019-01-31 18:29

New CVE