This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:ssh:ssh:1.2.30 |
| Detail | |||
|---|---|---|---|
| Vendor | Ssh | First view | 2000-02-24 |
| Product | Ssh | Last view | 2011-05-31 |
| Version | 1.2.30 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:ssh:ssh | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.8 | 2011-05-31 | CVE-2011-0766 | Network | Low | None Requ... | |
| 7.2 | 2002-12-31 | CVE-2002-1715 | Local | Low | None Requ... | |
| 7.5 | 2001-08-22 | CVE-2001-0572 | Network | Low | None Requ... | |
| 7.5 | 2001-06-27 | CVE-2001-0471 | Network | Low | None Requ... | |
| 4 | 2001-06-27 | CVE-2001-0361 | Network | High | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 3.6 | 2001-06-02 | CVE-2001-0259 | Local | Low | None Requ... | |
| 10 | 2001-03-12 | CVE-2001-0144 | Network | Low | None Requ... | |
| 7.5 | 2001-01-18 | CVE-2001-1476 | Network | Low | None Requ... | |
| 7.5 | 2001-01-18 | CVE-2001-1475 | Network | Low | None Requ... | |
| 5 | 2001-01-18 | CVE-2001-1474 | Network | Low | None Requ... | |
| 7.5 | 2001-01-18 | CVE-2001-1473 | Network | Low | None Requ... | |
| 5 | 2001-01-18 | CVE-2001-1470 | Network | Low | None Requ... | |
| 5 | 2001-01-18 | CVE-2001-1469 | Network | Low | None Requ... | |
| 5 | 2000-12-19 | CVE-2000-0992 | Network | Low | None Requ... | |
| 5.1 | 2000-02-24 | CVE-2000-0217 | Network | High | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (3) | CWE-310 | Cryptographic Issues |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5397 | Multiple Vendor SSH Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:5729 | Multiple Vendor SSH 1.5 Session Key Recovery Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 73264 | Erlang/OTP SSH Predictable Seed Insecure Random Number Generator Weakness |
| 23589 | SSH Directory Permission Weakness Restricted Shell Bypass |
| 18235 | SSH RC4 with Password Authentication Message Reply Forced Server Key Generation |
| 18234 | SSH RC4 User Session Replay Password Portion Enumeration |
| 18232 | SSH-1 Protocol Duplicate Session ID Client Challenge Response Replay |
| id | Description |
|---|---|
| 18231 | SSH localhost Connection Host Key Check Bypass |
| 18230 | SSH-1 Protocol RC4 Stream Cipher CRC XOR Arbitrary Packet Modification |
| 18229 | SSH-1 Protocol IDEA Cipher Final Block CRC Modification |
| 8038 | SSH-1 Account Login Attempt Logging Failure |
| 6471 | SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery |
| 3562 | SSH Traffic Analysis Connection Attributes Disclosure |
| 3561 | Cisco Devices SSH Password Length Disclosure |
| 2116 | PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack) |
| 1586 | sshd scp Traversal Arbitrary File Overwrite |
| 1229 | SSH client xauth Session Hijacking |
| 795 | Multiple Vendor SSH CRC-32 detect_attack() Function Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-10-14 | Name : SSH SSH-1 Protocol Authentication Bypass Vulnerability File : nvt/gb_ssh_authentication_bypass_vuln.nasl |
| 2011-09-09 | Name : OpenSSH Ciphersuite Specification Information Disclosure Weakness File : nvt/gb_openssh_49473.nasl |
| 2011-08-03 | Name : FreeBSD Ports: erlang File : nvt/freebsd_erlang.nasl |
| 2011-08-02 | Name : Fedora Update for erlang FEDORA-2011-9598 File : nvt/gb_fedora_2011_9598_erlang_fc15.nasl |
| 2011-08-02 | Name : Fedora Update for erlang FEDORA-2011-9657 File : nvt/gb_fedora_2011_9657_erlang_fc14.nasl |
| id | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 023-1 (inn2) File : nvt/deb_023_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks) File : nvt/deb_086_1.nasl |
| 2005-11-03 | Name : SSH1 SSH Daemon Logging Failure File : nvt/ssh_bruteforce.nasl |
| 2005-11-03 | Name : SSH Secure-RPC Weak Encrypted Authentication File : nvt/ssh_keygen.nasl |
| 2005-11-03 | Name : PKCS 1 Version 1.5 Session Key Retrieval File : nvt/ssh_pkcs.nasl |
| 2005-11-03 | Name : scp File Create/Overwrite File : nvt/ssh_scp.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | ssh CRC32 overflow RuleID : 1327-community - Type : INDICATOR-SHELLCODE - Revision : 14 |
| 2014-01-10 | ssh CRC32 overflow RuleID : 1327 - Type : INDICATOR-SHELLCODE - Revision : 14 |
| 2014-01-10 | ssh CRC32 overflow NOOP RuleID : 1326-community - Type : INDICATOR-SHELLCODE - Revision : 13 |
| 2014-01-10 | ssh CRC32 overflow NOOP RuleID : 1326 - Type : INDICATOR-SHELLCODE - Revision : 13 |
| 2014-01-10 | ssh CRC32 overflow filler RuleID : 1325-community - Type : INDICATOR-SHELLCODE - Revision : 14 |
| Date | Description |
|---|---|
| 2014-01-10 | ssh CRC32 overflow filler RuleID : 1325 - Type : INDICATOR-SHELLCODE - Revision : 14 |
| 2014-01-10 | ssh CRC32 overflow /bin/sh RuleID : 1324-community - Type : INDICATOR-SHELLCODE - Revision : 12 |
| 2014-01-10 | ssh CRC32 overflow /bin/sh RuleID : 1324 - Type : INDICATOR-SHELLCODE - Revision : 12 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-10-04 | Name : The remote host has an application installed that is affected by a session hi... File : openssh_123.nasl - Type : ACT_GATHER_INFO |
| 2011-10-04 | Name : Remote attackers may be able to infer information about traffic inside an SSH... File : openssh_252.nasl - Type : ACT_GATHER_INFO |
| 2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
| 2011-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9598.nasl - Type : ACT_GATHER_INFO |
| 2011-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9657.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2011-05-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e483392786e511e0a6b4000a5e1e33c6.nasl - Type : ACT_GATHER_INFO |
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch File : cisco-sa-20010627-sshhttp.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-023.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-027.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-086.nasl - Type : ACT_GATHER_INFO |
| 2004-09-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2001-033.nasl - Type : ACT_GATHER_INFO |
| 2003-03-10 | Name : The remote SSH server does not properly log repeated logins attempts. File : ssh_bruteforce.nasl - Type : ACT_GATHER_INFO |
| 2003-03-10 | Name : The remote SSH server might allow a local user to recover a SUN-DES-1 passphr... File : ssh_keygen.nasl - Type : ACT_GATHER_INFO |
| 2003-03-10 | Name : The remote host has an application that is affected by a directory traversal ... File : ssh_scp.nasl - Type : ACT_GATHER_INFO |
| 2002-06-05 | Name : The remote network device is running an SSH server with multiple vulnerabilit... File : cisco_ssh_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2002-03-06 | Name : The remote service offers an insecure cryptographic protocol. File : ssh1_proto_enabled.nasl - Type : ACT_GATHER_INFO |
| 2001-02-09 | Name : It is possible to execute arbitrary code on the remote host. File : ssh_crc32.nasl - Type : ACT_GATHER_INFO |
