Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-5161
HistoryNov 19, 2008 - 5:30 p.m.

CVE-2008-5161

2008-11-1917:30:00
CWE-200
[email protected]
web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

High

0.123 Low

EPSS

Percentile

95.4%

JSON

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Affected configurations

NVD
Node
openbsdopensshMatch4.7p1
OR
sshtectia_clientMatch4.0
OR
sshtectia_clientMatch4.0.1
OR
sshtectia_clientMatch4.0.3
OR
sshtectia_clientMatch4.0.4
OR
sshtectia_clientMatch4.0.5
OR
sshtectia_clientMatch4.2
OR
sshtectia_clientMatch4.2.1
OR
sshtectia_clientMatch4.3
OR
sshtectia_clientMatch4.3.1
OR
sshtectia_clientMatch4.3.1j
OR
sshtectia_clientMatch4.3.2
OR
sshtectia_clientMatch4.3.2j
OR
sshtectia_clientMatch4.3.3
OR
sshtectia_clientMatch4.3.4
OR
sshtectia_clientMatch4.3.5
OR
sshtectia_clientMatch4.3.6
OR
sshtectia_clientMatch4.3.7
OR
sshtectia_clientMatch4.3.8k
OR
sshtectia_clientMatch4.3.9k
OR
sshtectia_clientMatch4.4
OR
sshtectia_clientMatch4.4.1
OR
sshtectia_clientMatch4.4.2
OR
sshtectia_clientMatch4.4.3
OR
sshtectia_clientMatch4.4.4
OR
sshtectia_clientMatch4.4.6
OR
sshtectia_clientMatch4.4.7
OR
sshtectia_clientMatch4.4.8
OR
sshtectia_clientMatch4.4.9
OR
sshtectia_clientMatch4.4.10
OR
sshtectia_clientMatch4.4.11
OR
sshtectia_clientMatch5.0.0
OR
sshtectia_clientMatch5.0.0f
OR
sshtectia_clientMatch5.0.1
OR
sshtectia_clientMatch5.0.1f
OR
sshtectia_clientMatch5.0.2
OR
sshtectia_clientMatch5.0.2f
OR
sshtectia_clientMatch5.0.3
OR
sshtectia_clientMatch5.0.3f
OR
sshtectia_clientMatch5.1.0
OR
sshtectia_clientMatch5.1.1
OR
sshtectia_clientMatch5.1.2
OR
sshtectia_clientMatch5.1.3
OR
sshtectia_clientMatch5.2.0
OR
sshtectia_clientMatch5.2.1
OR
sshtectia_clientMatch5.2.2
OR
sshtectia_clientMatch5.2.3
OR
sshtectia_clientMatch5.2.4
OR
sshtectia_clientMatch5.3.0
OR
sshtectia_clientMatch5.3.1
OR
sshtectia_clientMatch5.3.2
OR
sshtectia_clientMatch5.3.3
OR
sshtectia_clientMatch5.3.5
OR
sshtectia_clientMatch5.3.6
OR
sshtectia_clientMatch5.3.7
OR
sshtectia_clientMatch5.3.8
OR
sshtectia_clientMatch6.0.0
OR
sshtectia_clientMatch6.0.1
OR
sshtectia_clientMatch6.0.2
OR
sshtectia_clientMatch6.0.3
OR
sshtectia_clientMatch6.0.4
OR
sshtectia_connectorMatch4.0.7
OR
sshtectia_connectorMatch4.1.2
OR
sshtectia_connectorMatch4.1.3
OR
sshtectia_connectorMatch4.1.5
OR
sshtectia_connectorMatch4.2.0
OR
sshtectia_connectorMatch4.3.0
OR
sshtectia_connectorMatch4.3.4
OR
sshtectia_connectorMatch4.3.5
OR
sshtectia_connectorMatch4.4.0
OR
sshtectia_connectorMatch4.4.2
OR
sshtectia_connectorMatch4.4.4
OR
sshtectia_connectorMatch4.4.6
OR
sshtectia_connectorMatch4.4.7
OR
sshtectia_connectorMatch4.4.9
OR
sshtectia_connectorMatch4.4.10
OR
sshtectia_connectorMatch5.0.0
OR
sshtectia_connectorMatch5.0.1
OR
sshtectia_connectorMatch5.0.2
OR
sshtectia_connectorMatch5.0.3
OR
sshtectia_connectorMatch5.1.0
OR
sshtectia_connectorMatch5.1.1
OR
sshtectia_connectorMatch5.1.2
OR
sshtectia_connectorMatch5.1.3
OR
sshtectia_connectorMatch5.2.2
OR
sshtectia_connectorMatch5.3.0
OR
sshtectia_connectorMatch5.3.1
OR
sshtectia_connectorMatch5.3.2
OR
sshtectia_connectorMatch5.3.3
OR
sshtectia_connectorMatch5.3.7
OR
sshtectia_connectorMatch5.3.8
OR
sshtectia_connectsecureMatch6.0.0
OR
sshtectia_connectsecureMatch6.0.1
OR
sshtectia_connectsecureMatch6.0.2
OR
sshtectia_connectsecureMatch6.0.3
OR
sshtectia_connectsecureMatch6.0.4
OR
sshtectia_serverMatch4.0
OR
sshtectia_serverMatch4.0.3
OR
sshtectia_serverMatch4.0.4
OR
sshtectia_serverMatch4.0.5
OR
sshtectia_serverMatch4.0.7
OR
sshtectia_serverMatch4.1.2
OR
sshtectia_serverMatch4.1.3
OR
sshtectia_serverMatch4.1.5
OR
sshtectia_serverMatch4.2.0
OR
sshtectia_serverMatch4.2.1
OR
sshtectia_serverMatch4.2.2
OR
sshtectia_serverMatch4.3
OR
sshtectia_serverMatch4.3.0
OR
sshtectia_serverMatch4.3.1
OR
sshtectia_serverMatch4.3.2
OR
sshtectia_serverMatch4.3.3
OR
sshtectia_serverMatch4.3.4
OR
sshtectia_serverMatch4.3.5
OR
sshtectia_serverMatch4.3.6
OR
sshtectia_serverMatch4.3.7
OR
sshtectia_serverMatch4.4
OR
sshtectia_serverMatch4.4.0
OR
sshtectia_serverMatch4.4.1
OR
sshtectia_serverMatch4.4.2
OR
sshtectia_serverMatch4.4.4
OR
sshtectia_serverMatch4.4.5
OR
sshtectia_serverMatch4.4.6
OR
sshtectia_serverMatch4.4.7
OR
sshtectia_serverMatch4.4.8
OR
sshtectia_serverMatch4.4.9
OR
sshtectia_serverMatch4.4.10
OR
sshtectia_serverMatch4.4.11
OR
sshtectia_serverMatch5.0.0
OR
sshtectia_serverMatch5.0.1
OR
sshtectia_serverMatch5.0.2
OR
sshtectia_serverMatch5.0.3
OR
sshtectia_serverMatch5.1.0
OR
sshtectia_serverMatch5.1.1
OR
sshtectia_serverMatch5.1.1ibm_zos
OR
sshtectia_serverMatch5.1.2
OR
sshtectia_serverMatch5.1.3
OR
sshtectia_serverMatch5.2.0
OR
sshtectia_serverMatch5.2.0ibm_zos
OR
sshtectia_serverMatch5.2.1ibm_zos
OR
sshtectia_serverMatch5.2.2
OR
sshtectia_serverMatch5.2.2ibm_zos
OR
sshtectia_serverMatch5.2.3
OR
sshtectia_serverMatch5.2.4
OR
sshtectia_serverMatch5.3.0
OR
sshtectia_serverMatch5.3.0ibm_zos
OR
sshtectia_serverMatch5.3.1
OR
sshtectia_serverMatch5.3.2
OR
sshtectia_serverMatch5.3.3
OR
sshtectia_serverMatch5.3.4
OR
sshtectia_serverMatch5.3.5
OR
sshtectia_serverMatch5.3.6
OR
sshtectia_serverMatch5.3.7
OR
sshtectia_serverMatch5.3.8
OR
sshtectia_serverMatch5.4.0ibm_zos
OR
sshtectia_serverMatch5.4.1ibm_zos
OR
sshtectia_serverMatch5.4.2ibm_zos
OR
sshtectia_serverMatch5.5.0ibm_zos
OR
sshtectia_serverMatch5.5.1ibm_zos
OR
sshtectia_serverMatch6.0.0
OR
sshtectia_serverMatch6.0.0ibm_zos
OR
sshtectia_serverMatch6.0.1
OR
sshtectia_serverMatch6.0.1ibm_zos
OR
sshtectia_serverMatch6.0.2
OR
sshtectia_serverMatch6.0.3
OR
sshtectia_serverMatch6.0.4
OR
sshtectia_serverMatch6.0.4linux_ibm_zos

References

Related

ibm 7
openvas 13
checkpoint_security 1
veracode 1
nessus 18
metasploit 1
f5 2
ubuntucve 1
oraclelinux 1
cve 1
prion 1
cvelist 1
redhat 1
centos 1
debiancve 1
securityvulns 1
gentoo 1
ibm
ibm
Security Bulletin: CBC mode ciphers, weak MD5 and MAC algorithms vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2008-5161)
2018-06-16 21:38:50
Security Bulletin: IBM Security Access Manager for Mobile is affected by an OpenSSH vulnerability (CVE-2008-5161)
2018-06-16 21:39:30
Security Bulletin: IBM Security Access Manager for Web is affected by an OpenSSH vulnerability (CVE-2008-5161)
2018-06-16 21:37:24
openvas
openvas
CentOS Security Advisory CESA-2009:1287 (openssh)
2009-09-21 00:00:00
OpenSSH CBC Mode Information Disclosure Vulnerability
2009-04-23 00:00:00
CentOS Security Advisory CESA-2009:1287 (openssh)
2009-09-21 00:00:00
checkpoint_security
checkpoint_security
Check Point response to OpenSSH CBC Mode Information Disclosure Vulnerability (CVE-2008-5161)
2008-11-20 22:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:36:07
nessus
nessus
Solaris 10 (sparc) : 140774-03
2009-04-23 00:00:00
Solaris 10 (x86) : 140775-03
2009-04-23 00:00:00
OpenSSH < 5.2 CBC Plaintext Disclosure
2011-09-27 00:00:00
metasploit
metasploit
SSH Version Scanner
2010-01-15 03:25:34
f5
f5
SOL14609 - OpenSSH vulnerability CVE-2008-5161
2013-08-15 00:00:00
K14609 : OpenSSH vulnerability CVE-2008-5161
2013-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2008-5161
2008-11-19 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2009-09-08 00:00:00
cve
cve
CVE-2008-5161
2008-11-19 17:30:00
prion
prion
Code injection
2008-11-19 17:30:00
cvelist
cvelist
CVE-2008-5161
2008-11-19 17:00:00
redhat
redhat
(RHSA-2009:1287) Low: openssh security, bug fix, and enhancement update
2009-09-02 03:02:33
centos
centos
openssh security update
2009-09-15 18:27:52
debiancve
debiancve
CVE-2008-5161
2008-11-19 17:30:00
securityvulns
securityvulns
[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux &#40;ICE-LX&#41; Cross Site Request Forgery &#40;CSRF&#41; , Remote Execution of Arbitrary Code, Denial of Service &#40;DoS&#41;, and Other Vulnerabilities
2009-08-14 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2014-05-11 00:00:00

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

High

0.123 Low

EPSS

Percentile

95.4%

JSON
Related for NVD:CVE-2008-5161
ibm7openvas13checkpoint_security1veracode1nessus18metasploit1f52ubuntucve1oraclelinux1cve1prion1cvelist1redhat1centos1debiancve1securityvulns1gentoo1