CVE-2016-3115 - Vulnerability Details

Vendors	Products
Openbsd	Openssh
Oracle	Vm Server
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
openssh-0:5.3p1-114.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0466	2016-03-21T00:00:00Z
Red Hat Enterprise Linux 7
openssh-0:6.6.1p1-25.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0465	2016-03-21T00:00:00Z

Link	Providers
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
http://rhn.redhat.com/errata/RHSA-2016-0465.html
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://seclists.org/fulldisclosure/2016/Mar/46
http://seclists.org/fulldisclosure/2016/Mar/47
http://www.openssh.com/txt/x11fwd.adv
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/84314
http://www.securitytracker.com/id/1035249
https://bto.bluecoat.com/security-advisory/sa121
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
https://nvd.nist.gov/vuln/detail/CVE-2016-3115
https://security.gentoo.org/glsa/201612-18
https://www.cve.org/CVERecord?id=CVE-2016-3115
https://www.exploit-db.com/exploits/39569/
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.openssh.com/txt/x11fwd.adv", "refsource": "CONFIRM", "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", "refsource": "MISC", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"name": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c", "refsource": "CONFIRM", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h", "refsource": "CONFIRM", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"name": "https://bto.bluecoat.com/security-advisory/sa121", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:47:57.380Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"name": "FreeBSD-SA-16:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "39569", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39569/"}, {"name": "RHSA-2016:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"name": "1035249", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035249"}, {"name": "FEDORA-2016-fc1cc33e05", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"name": "FEDORA-2016-d339d610c1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"name": "GLSA-201612-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-18"}, {"name": "84314", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/84314"}, {"name": "FEDORA-2016-0bcab055a7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"name": "FEDORA-2016-08e5803496", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"name": "RHSA-2016:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"name": "FEDORA-2016-188267b485", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"name": "20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"name": "FEDORA-2016-bb59db3c86", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3115", "datePublished": "2016-03-22T10:00:00", "dateReserved": "2016-03-10T00:00:00", "dateUpdated": "2024-08-05T23:47:57.380Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-03-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-09-11T09:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.openssh.com/txt/x11fwd.adv (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

}

4 : { »

name : FreeBSD-SA-16:14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

6 : { »

name : 39569 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

]

url : https://www.exploit-db.com/exploits/39569/ (string)

}

7 : { »

name : RHSA-2016:0466 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0466.html (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

}

9 : { »

name : 1035249 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1035249 (string)

}

10 : { »

name : FEDORA-2016-fc1cc33e05 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

}

13 : { »

name : FEDORA-2016-d339d610c1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bto.bluecoat.com/security-advisory/sa121 (string)

}

15 : { »

name : GLSA-201612-18 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201612-18 (string)

}

16 : { »

name : 84314 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/84314 (string)

}

17 : { »

name : FEDORA-2016-0bcab055a7 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (string)

}

18 : { »

name : [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html (string)

}

19 : { »

name : FEDORA-2016-08e5803496 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (string)

}

20 : { »

name : 20160314 CVE-2016-3116 - Dropbear SSH xauth injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2016/Mar/47 (string)

}

21 : { »

name : RHSA-2016:0465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0465.html (string)

}

22 : { »

name : FEDORA-2016-188267b485 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (string)

}

23 : { »

name : 20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2016/Mar/46 (string)

}

24 : { »

name : FEDORA-2016-bb59db3c86 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2016-3115 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.openssh.com/txt/x11fwd.adv (string)

refsource : CONFIRM (string)

url : http://www.openssh.com/txt/x11fwd.adv (string)

}

1 : { »

name : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

}

2 : { »

name : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

refsource : MISC (string)

url : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

}

3 : { »

name : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

}

4 : { »

name : FreeBSD-SA-16:14 (string)

refsource : FREEBSD (string)

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (string)

}

5 : { »

name : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

6 : { »

name : 39569 (string)

refsource : EXPLOIT-DB (string)

url : https://www.exploit-db.com/exploits/39569/ (string)

}

7 : { »

name : RHSA-2016:0466 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0466.html (string)

}

8 : { »

name : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

refsource : CONFIRM (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

}

9 : { »

name : 1035249 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1035249 (string)

}

10 : { »

name : FEDORA-2016-fc1cc33e05 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (string)

}

11 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

12 : { »

name : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

refsource : CONFIRM (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

}

13 : { »

name : FEDORA-2016-d339d610c1 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (string)

}

14 : { »

name : https://bto.bluecoat.com/security-advisory/sa121 (string)

refsource : CONFIRM (string)

url : https://bto.bluecoat.com/security-advisory/sa121 (string)

}

15 : { »

name : GLSA-201612-18 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201612-18 (string)

}

16 : { »

name : 84314 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/84314 (string)

}

17 : { »

name : FEDORA-2016-0bcab055a7 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (string)

}

18 : { »

name : [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html (string)

}

19 : { »

name : FEDORA-2016-08e5803496 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (string)

}

20 : { »

name : 20160314 CVE-2016-3116 - Dropbear SSH xauth injection (string)

refsource : FULLDISC (string)

url : http://seclists.org/fulldisclosure/2016/Mar/47 (string)

}

21 : { »

name : RHSA-2016:0465 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0465.html (string)

}

22 : { »

name : FEDORA-2016-188267b485 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (string)

}

23 : { »

name : 20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection (string)

refsource : FULLDISC (string)

url : http://seclists.org/fulldisclosure/2016/Mar/46 (string)

}

24 : { »

name : FEDORA-2016-bb59db3c86 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T23:47:57.380Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.openssh.com/txt/x11fwd.adv (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

}

4 : { »

name : FreeBSD-SA-16:14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

2 : x_transferred (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

6 : { »

name : 39569 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

2 : x_transferred (string)

]

url : https://www.exploit-db.com/exploits/39569/ (string)

}

7 : { »

name : RHSA-2016:0466 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0466.html (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

}

9 : { »

name : 1035249 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1035249 (string)

}

10 : { »

name : FEDORA-2016-fc1cc33e05 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

}

13 : { »

name : FEDORA-2016-d339d610c1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bto.bluecoat.com/security-advisory/sa121 (string)

}

15 : { »

name : GLSA-201612-18 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201612-18 (string)

}

16 : { »

name : 84314 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/84314 (string)

}

17 : { »

name : FEDORA-2016-0bcab055a7 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (string)

}

18 : { »

name : [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html (string)

}

19 : { »

name : FEDORA-2016-08e5803496 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (string)

}

20 : { »

name : 20160314 CVE-2016-3116 - Dropbear SSH xauth injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2016/Mar/47 (string)

}

21 : { »

name : RHSA-2016:0465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0465.html (string)

}

22 : { »

name : FEDORA-2016-188267b485 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (string)

}

23 : { »

name : 20160314 CVE-2016-3115 - OpenSSH <=7.2p1 xauth injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2016/Mar/46 (string)

}

24 : { »

name : FEDORA-2016-bb59db3c86 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2016-3115 (string)

datePublished : 2016-03-22T10:00:00 (string)

dateReserved : 2016-03-10T00:00:00 (string)

dateUpdated : 2024-08-05T23:47:57.380Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:*", "matchCriteriaId": "0CA7032F-2B28-4AF4-B32B-910FE289A845", "versionEndIncluding": "7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a trav\u00e9s del redireccionamiento de datos X11 manipulados, relacionadas con las funciones (1) do_authenticated1 y (2) session_x11_req."}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/93.html\">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "id": "CVE-2016-3115", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-22T10:59:02.917", "references": [{"source": "cve@mitre.org", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"source": "cve@mitre.org", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/84314"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035249"}, {"source": "cve@mitre.org", "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"source": "cve@mitre.org", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-18"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/39569/"}, {"source": "cve@mitre.org", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0466.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2016/Mar/46"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2016/Mar/47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/x11fwd.adv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/84314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/39569/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openbsd:openssh:*:p1:*:*:*:*:*:* (string)

matchCriteriaId : 0CA7032F-2B28-4AF4-B32B-910FE289A845 (string)

versionEndIncluding : 7.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5FEC7F7E-AA94-4405-93D6-D0194A37D3C9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de datos X11 manipulados, relacionadas con las funciones (1) do_authenticated1 y (2) session_x11_req. (string)

}

]

evaluatorComment : <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a> (string)

id : CVE-2016-3115 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.1 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-03-22T10:59:02.917 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0465.html (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0466.html (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://seclists.org/fulldisclosure/2016/Mar/46 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://seclists.org/fulldisclosure/2016/Mar/47 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.openssh.com/txt/x11fwd.adv (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

15 : { »

source : cve@mitre.org (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

16 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

}

17 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/84314 (string)

}

18 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id/1035249 (string)

}

19 : { »

source : cve@mitre.org (string)

url : https://bto.bluecoat.com/security-advisory/sa121 (string)

}

20 : { »

source : cve@mitre.org (string)

url : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

}

21 : { »

source : cve@mitre.org (string)

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html (string)

}

22 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201612-18 (string)

}

23 : { »

source : cve@mitre.org (string)

url : https://www.exploit-db.com/exploits/39569/ (string)

}

24 : { »

source : cve@mitre.org (string)

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0465.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0466.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://seclists.org/fulldisclosure/2016/Mar/46 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://seclists.org/fulldisclosure/2016/Mar/47 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.openssh.com/txt/x11fwd.adv (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/84314 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1035249 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bto.bluecoat.com/security-advisory/sa121 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201612-18 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.exploit-db.com/exploits/39569/ (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2016:0466", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssh-0:5.3p1-114.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-21T00:00:00Z"}, {"advisory": "RHSA-2016:0465", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssh-0:6.6.1p1-25.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-03-21T00:00:00Z"}], "bugzilla": {"description": "openssh: missing sanitisation of input for X11 forwarding", "id": "1316829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316829"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.", "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions."], "mitigation": {"lang": "en:us", "value": "Set X11Forwarding=no in sshd_config.\nFor authorized_keys that specify a \"command\" restriction, this issue can be mitigated by also setting the \"no-X11-forwarding\" restriction. In OpenSSH 7.2 and later, the \"restrict\" restriction can be used instead, which includes the \"no-X11-forwarding\" restriction."}, "name": "CVE-2016-3115", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-3115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3115\nhttp://www.openssh.com/txt/x11fwd.adv"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2016:0466 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : openssh-0:5.3p1-114.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2016-03-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2016:0465 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : openssh-0:6.6.1p1-25.el7_2 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2016-03-21T00:00:00Z (string)

}

]

bugzilla : { »

description : openssh: missing sanitisation of input for X11 forwarding (string)

id : 1316829 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1316829 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.9 (string)

cvss_scoring_vector : AV:N/AC:M/Au:S/C:P/I:P/A:N (string)

status : verified (string)

}

cwe : CWE-20 (string)

details : [ »

0 : Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. (string)

1 : It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. (string)

]

mitigation : { »

lang : en:us (string)

value : Set X11Forwarding=no in sshd_config. For authorized_keys that specify a "command" restriction, this issue can be mitigated by also setting the "no-X11-forwarding" restriction. In OpenSSH 7.2 and later, the "restrict" restriction can be used instead, which includes the "no-X11-forwarding" restriction. (string)

}

name : CVE-2016-3115 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : openssh (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2016-03-10T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2016-3115 https://nvd.nist.gov/vuln/detail/CVE-2016-3115 http://www.openssh.com/txt/x11fwd.adv (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object