Search for vulnerabilities
Vulnerability details: VCID-7bug-spps-c7ag
Vulnerability ID VCID-7bug-spps-c7ag
Aliases CVE-2016-3115
Summary
Status Published
Exploitability 2.0
Weighted Severity 2.5
Risk 5.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
epss 0.55903 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.58796 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.69603 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.69603 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
cvssv2 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1316829 https://bugzilla.redhat.com/show_bug.cgi?id=1316829
CVE-2016-3115 Exploit https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115
CVE-2016-3115 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py
RHSA-2016:0465 https://access.redhat.com/errata/RHSA-2016:0465
RHSA-2016:0466 https://access.redhat.com/errata/RHSA-2016:0466
USN-2966-1 https://usn.ubuntu.com/2966-1/
Data source Exploit-DB
Date added March 16, 2016
Description OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
Ransomware campaign use Unknown
Source publication date March 16, 2016
Exploit type remote
Platform multiple
Source update date Jan. 11, 2018
Source URL https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9798
EPSS Score 0.55903
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:39:36.527487+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2966-1/ 37.0.0