VulnerableCode Vulnerability Details

System	Score	Found at
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1908.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0465
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0741
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00365	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00503	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00503	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00503	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00503	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00503	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00786	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00786	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00786	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00786	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.0094	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.00966	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02179	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02238	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02402	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.02402	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
epss	0.06848	https://api.first.org/data/v1/epss?cve=CVE-2016-1908
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908
generic_textual	Low	http://seclists.org/oss-sec/2016/q1/115
cvssv2	4.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	Low	https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2016-1908
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1908
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1908
generic_textual	Low	https://thejh.net/written-stuff/openssh-6.8-xsecurity
generic_textual	Low	https://ubuntu.com/security/notices/USN-2966-1
cvssv3.1	8.8	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
generic_textual	HIGH	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

System

Score

Found at

generic_textual

Low

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1908.html

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:0465

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:0741

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00365

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00503

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00503

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00503

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00503

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00503

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00786

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00786

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00786

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00786

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.0094

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.00966

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02179

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02238

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02402

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.02402

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

epss

0.06848

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

generic_textual

Low

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908

generic_textual

Low

http://seclists.org/oss-sec/2016/q1/115

cvssv2

4.9

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

generic_textual

Low

https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html

cvssv2

7.5

https://nvd.nist.gov/vuln/detail/CVE-2016-1908

cvssv3

9.8

https://nvd.nist.gov/vuln/detail/CVE-2016-1908

cvssv3.1

9.8

https://nvd.nist.gov/vuln/detail/CVE-2016-1908

generic_textual

Low

https://thejh.net/written-stuff/openssh-6.8-xsecurity

generic_textual

Low

https://ubuntu.com/security/notices/USN-2966-1

cvssv3.1

8.8

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

generic_textual

HIGH

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Reference id	Reference type	URL
		http://openwall.com/lists/oss-security/2016/01/15/13
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1908.html
		http://rhn.redhat.com/errata/RHSA-2016-0465.html
		http://rhn.redhat.com/errata/RHSA-2016-0741.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json
		https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
		https://api.first.org/data/v1/epss?cve=CVE-2016-1908
		https://bugzilla.redhat.com/show_bug.cgi?id=1298741
		https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908
		http://seclists.org/oss-sec/2016/q1/115
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
		https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
		https://security.gentoo.org/glsa/201612-18
		https://thejh.net/written-stuff/openssh-6.8-xsecurity
		https://ubuntu.com/security/notices/USN-2966-1
		http://www.openssh.com/txt/release-7.2
		http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
		http://www.securityfocus.com/bid/84427
		http://www.securitytracker.com/id/1034705
cpe:2.3:a:openbsd:openssh::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh::::::::
cpe:2.3:a:openbsd:openssh::p2::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh::p2::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:oracle:linux:6:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:oracle:linux:7:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-::::::
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
CVE-2016-1908		https://nvd.nist.gov/vuln/detail/CVE-2016-1908
RHSA-2016:0465		https://access.redhat.com/errata/RHSA-2016:0465
RHSA-2016:0741		https://access.redhat.com/errata/RHSA-2016:0741
USN-2966-1		https://usn.ubuntu.com/2966-1/

Reference id

Reference type

URL

http://openwall.com/lists/oss-security/2016/01/15/13

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1908.html

http://rhn.redhat.com/errata/RHSA-2016-0465.html

http://rhn.redhat.com/errata/RHSA-2016-0741.html

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json

https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c

https://api.first.org/data/v1/epss?cve=CVE-2016-1908

https://bugzilla.redhat.com/show_bug.cgi?id=1298741

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908

http://seclists.org/oss-sec/2016/q1/115

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html

https://security.gentoo.org/glsa/201612-18

https://thejh.net/written-stuff/openssh-6.8-xsecurity

https://ubuntu.com/security/notices/USN-2966-1

http://www.openssh.com/txt/release-7.2

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/84427

http://www.securitytracker.com/id/1034705

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVE-2016-1908

https://nvd.nist.gov/vuln/detail/CVE-2016-1908

RHSA-2016:0465

https://access.redhat.com/errata/RHSA-2016:0465

RHSA-2016:0741

https://access.redhat.com/errata/RHSA-2016:0741

USN-2966-1

https://usn.ubuntu.com/2966-1/

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1908

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1908

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1908

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

There are no relevant records.

Vulnerability ID	VCID-makx-v5py-aaap
Aliases	CVE-2016-1908
Summary	The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

CWE-287	Improper Authentication
CWE-284	Improper Access Control

Percentile	0.72953
EPSS Score	0.00365
Published At	Nov. 1, 2024, midnight