Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which
some security features have been downgraded or disabled, aka a Terrapin
attack
The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 09 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat jboss Enterprise Application Platform |
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 | |
Vendors & Products |
Redhat
Redhat jboss Enterprise Application Platform |
Wed, 04 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 30 Aug 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache mina Sshd |
|
CPEs | cpe:2.3:a:apache:mina_sshd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache mina Sshd |
Fri, 16 Aug 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 12 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected. | |
Title | Apache MINA SSHD: integrity check bypass | |
Weaknesses | CWE-354 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-08-12T16:00:29.568Z
Updated: 2024-10-11T22:03:14.627Z
Reserved: 2024-07-23T15:14:34.330Z
Link: CVE-2024-41909
Vulnrichment
Updated: 2024-10-11T22:03:14.627Z
NVD
Status : Modified
Published: 2024-08-12T16:15:15.533
Modified: 2024-11-21T09:33:16.080
Link: CVE-2024-41909
Redhat