CVE-2016-5725
published 2017-01-19CVE-2016-5725: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to…
PriorityP354medium5.9CVSS 3.0
AVNACHPRNUINSUCNIHAN
EXPLOIT
EPSS
24.14%
97.6th percentile
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jsch | < jsch 0.1.54-1 (bookworm) | jsch 0.1.54-1 (bookworm) |
| jcraft | jsch | <= 0.1.53 | — |
| jcraft | jsch | >= 0 < 0.1.54-1 | 0.1.54-1 |
| jcraft | jsch | >= 0 < 0.1.54-1 | 0.1.54-1 |
| jcraft | jsch | >= 0 < 0.1.54-1 | 0.1.54-1 |
| jcraft | jsch | >= 0 < 0.1.54-1 | 0.1.54-1 |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.9MEDIUM
vendor_debian5.9LOW
vendor_oracle5.9MEDIUM
vendor_redhat5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Oracle Data Integrator 11.1.1.9.0/12.2.1.3.0 Install/config/upgrade path traversal (EDB-40411 / BID-93100)
vuldb·2026-05-14·CVSS 5.9
CVE-2016-5725 [MEDIUM] Oracle Data Integrator 11.1.1.9.0/12.2.1.3.0 Install/config/upgrade path traversal (EDB-40411 / BID-93100)
A vulnerability was found in Oracle Data Integrator 11.1.1.9.0/12.2.1.3.0 and classified as critical. This issue affects some unknown processing of the component Install/config/upgrade. Such manipulation leads to path traversal.
This vulnerability is documented as CVE-2016-5725. The attack can be executed remotely. Additionally, an exploit exists.
It is suggested to upgrade the affected component.
VulDB
Jcraft jsch 0.1.53 on Windows sftp Client path traversal (RHSA-2017:3115 / EDB-40411)
vuldb·2026-05-14·CVSS 5.9
CVE-2016-5725 [MEDIUM] Jcraft jsch 0.1.53 on Windows sftp Client path traversal (RHSA-2017:3115 / EDB-40411)
A vulnerability categorized as critical has been discovered in Jcraft jsch 0.1.53 on Windows. The affected element is an unknown function of the component sftp. Executing a manipulation can lead to path traversal (Client).
The identification of this vulnerability is CVE-2016-5725. The attack may be launched remotely. Furthermore, there is an exploit available.
A patch should be applied to remediate this issue.
OSV
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
osv·2022-05-13
CVE-2016-5725 [MEDIUM] Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
GHSA
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
ghsa·2022-05-13
CVE-2016-5725 [MEDIUM] CWE-22 Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
OSV
CVE-2016-5725: Directory traversal vulnerability in JCraft JSch before 0
osv·2017-01-19·CVSS 5.9
CVE-2016-5725 [MEDIUM] CVE-2016-5725: Directory traversal vulnerability in JCraft JSch before 0
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: Admin (JCraft JSch) — CVE-2016-5725
vendor_oracle·2021-04-15·CVSS 5.9
CVE-2016-5725 [MEDIUM] Oracle Oracle Construction and Engineering Risk Matrix: Admin (JCraft JSch) — CVE-2016-5725
Oracle Oracle Construction and Engineering Risk Matrix: Admin (JCraft JSch) vulnerability
CVE: CVE-2016-5725
CVSS: 5.9
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2021 (APR 2021)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Install, config, upgrade (JCraft JSch) — CVE-2016-5725
vendor_oracle·2021-01-15·CVSS 5.9
CVE-2016-5725 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Install, config, upgrade (JCraft JSch) — CVE-2016-5725
Oracle Oracle Fusion Middleware Risk Matrix: Install, config, upgrade (JCraft JSch) vulnerability
CVE: CVE-2016-5725
CVSS: 5.9
Protocol: SFTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
Red Hat
jsch: ChannelSftp path traversal vulnerability
vendor_redhat·2016-08-31·CVSS 5.9
CVE-2016-5725 [MEDIUM] CWE-22 jsch: ChannelSftp path traversal vulnerability
jsch: ChannelSftp path traversal vulnerability
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process.
Package: jsch (Red Hat BPM Suite 6) - Will not fix
Package: jsch (Red Hat Enterprise Linux 5) - Not affected
Package: jsch (Red Hat Enterprise Linux 6) - Not affected
Package: jsch (Red Hat
Debian
CVE-2016-5725: jsch - Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when ...
vendor_debian·2016·CVSS 5.9
CVE-2016-5725 [MEDIUM] CVE-2016-5725: jsch - Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when ...
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Scope: local
bookworm: resolved (fixed in 0.1.54-1)
bullseye: resolved (fixed in 0.1.54-1)
forky: resolved (fixed in 0.1.54-1)
sid: resolved (fixed in 0.1.54-1)
trixie: resolved (fixed in 0.1.54-1)
No detection rules found.
http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.htmlhttp://seclists.org/fulldisclosure/2016/Sep/53http://www.jcraft.com/jsch/ChangeLoghttp://www.securityfocus.com/bid/93100https://access.redhat.com/errata/RHSA-2017:3115https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725https://lists.debian.org/debian-lts-announce/2020/04/msg00017.htmlhttps://www.exploit-db.com/exploits/40411/https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttp://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.htmlhttp://seclists.org/fulldisclosure/2016/Sep/53http://www.jcraft.com/jsch/ChangeLoghttp://www.securityfocus.com/bid/93100https://access.redhat.com/errata/RHSA-2017:3115https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725https://lists.debian.org/debian-lts-announce/2020/04/msg00017.htmlhttps://www.exploit-db.com/exploits/40411/https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
2017-01-19
Published