nuclei-templates/cves/2016/CVE-2016-6210.yaml

id: CVE-2016-6210

info:
  name: OpenSSH username enumeration < v7.3
  author: iamthefrogy,forgedhallpass
  severity: medium
  tags: network,openssh
  description: OpenSSH before 7.3 is vulnerable to username enumeration and DoS vulnerabilities.
  reference:
    - http://seclists.org/fulldisclosure/2016/Jul/51
    - https://security-tracker.debian.org/tracker/CVE-2016-6210
    - http://openwall.com/lists/oss-security/2016/08/01/2
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6210
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 5.9
    cve-id: CVE-2016-6210
    cwe-id: CWE-200

network:
  - host:
      - "{{Hostname}}"
      - "{{Hostname}}:22"
    matchers:
      - type: regex
        regex:
          - '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+|7\.[0-2][^\d][^\r]+)'

    extractors:
      - type: regex
        regex:
          - '(?i)SSH-2.0-OpenSSH_[^\r]+'
Add CVE information 2021-09-30 19:42:07 +00:00			`id: CVE-2016-6210`
detect openssh5.3 2021-04-11 13:02:20 +00:00
			`info:`
Update SSH user enum templates SSH header structure: SSH-protoversion-softwareversion[SPcomments]CRLF see: https://datatracker.ietf.org/doc/html/rfc4253#section-4.2 2021-11-01 18:34:47 +00:00			`name: OpenSSH username enumeration < v7.3`
			`author: iamthefrogy,forgedhallpass`
Add CVE information 2021-09-30 19:42:07 +00:00			`severity: medium`
minor updates 2021-04-11 13:16:48 +00:00			`tags: network,openssh`
Update SSH user enum templates SSH header structure: SSH-protoversion-softwareversion[SPcomments]CRLF see: https://datatracker.ietf.org/doc/html/rfc4253#section-4.2 2021-11-01 18:34:47 +00:00			`description: OpenSSH before 7.3 is vulnerable to username enumeration and DoS vulnerabilities.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- http://seclists.org/fulldisclosure/2016/Jul/51`
			`- https://security-tracker.debian.org/tracker/CVE-2016-6210`
			`- http://openwall.com/lists/oss-security/2016/08/01/2`
Update SSH user enum templates SSH header structure: SSH-protoversion-softwareversion[SPcomments]CRLF see: https://datatracker.ietf.org/doc/html/rfc4253#section-4.2 2021-11-01 18:34:47 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2016-6210`
Add CVE information 2021-09-30 19:42:07 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 5.9`
			`cve-id: CVE-2016-6210`
			`cwe-id: CWE-200`
detect openssh5.3 2021-04-11 13:02:20 +00:00
			`network:`
			`- host:`
minor updates 2021-04-11 13:16:48 +00:00			`- "{{Hostname}}"`
detect openssh5.3 2021-04-11 13:02:20 +00:00			`- "{{Hostname}}:22"`
			`matchers:`
Update SSH user enum templates SSH header structure: SSH-protoversion-softwareversion[SPcomments]CRLF see: https://datatracker.ietf.org/doc/html/rfc4253#section-4.2 2021-11-01 18:34:47 +00:00			`- type: regex`
			`regex:`
			`- '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+\|7\.[0-2][^\d][^\r]+)'`

			`extractors:`
			`- type: regex`
			`regex:`
			`- '(?i)SSH-2.0-OpenSSH_[^\r]+'`