CVE-2016-5725
published 2017-01-19


Priority: P354, medium, 5.9 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 24.14% (97.6th percentile)
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Affected

6 ranges

Vendor  | Product | Version range               | Fixed in
debian  | jsch    | < jsch 0.1.54-1 (bookworm)  | jsch 0.1.54-1 (bookworm)
jcraft  | jsch    | <= 0.1.53                   |
jcraft  | jsch    | >= 0, < 0.1.54-1            | 0.1.54-1
jcraft  | jsch    | >= 0, < 0.1.54-1            | 0.1.54-1
jcraft  | jsch    | >= 0, < 0.1.54-1            | 0.1.54-1
jcraft  | jsch    | >= 0, < 0.1.54-1            | 0.1.54-1

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.0    | 5.9   | MEDIUM   | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd           | v2.0    | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:P/A:N
osv           |         | 5.9   | MEDIUM   |
vendor_debian |         | 5.9   | LOW      |
vendor_oracle |         | 5.9   | MEDIUM   |
vendor_redhat |         | 5.9   | MEDIUM   |