Vulnerability

CVE-2016-5725

 Report advisory or correction

CVSS Score 5.9 medium

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-22

References

https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
https://nvd.nist.gov/vuln/detail/CVE-2016-5725
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5725

[CVE-2016-5725] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

See com.jcraft/jsch package information