Skip to content

Commit aa59e26

Browse files
committed
add: AVE-1999-0517
1 parent f8dac6f commit aa59e26

1 file changed

Lines changed: 18 additions & 6 deletions

File tree

vulns/1999/AVE-1999-0517.toml

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
[basic]
2-
description = "SSH 1.2.25 在 HP-UX 系统中存在安全漏洞,远程攻击者可通过 SSH 服务利用该漏洞未经授权访问新创建的用户账户。该漏洞源于 SSH 协议实现中的身份验证与授权缺陷,导致新用户账户在创建后短时间内可被未授权用户访问。攻击者无需有效凭据即可获取系统访问权限,进而可能导致敏感信息泄露或进一步系统入侵。CVSS 评分 7.5,危害等级高。"
2+
description = "SSH 1.2.25 在 HP-UX 系统上存在访问控制缺陷,当系统添加新用户账户时,攻击者可通过 SSH 服务绕过认证直接访问这些新创建的账户,导致未授权访问。该漏洞影响 HP-UX 上运行的 SSH 1.2.25 版本,CVSS 评分 7.5,危害等级高。漏洞源于用户账户创建后的默认配置未能正确限制访问权限,远程攻击者无需认证即可利用此漏洞获取系统访问权限"
33
published = "1998-09-01T04:00:00.000"
4-
remediation = "将 HP-UX 上的 SSH 升级至 1.2.27 或更高版本(该漏洞在 1.2.27 中修复)。建议迁移至 SSH 2.0 协议(部署 OpenSSH 或 HP 官方支持的 SSH 实现),因 SSH 1.x 协议存在已知设计缺陷。如无法立即升级,可通过 HP-UX 系统防火墙限制 SSH 服务访问来源 IP,仅在可信网络范围内开放 22 端口"
4+
remediation = "升级至 OpenSSH(推荐 3.0 以上版本),禁用 SSH 1 协议,仅启用 SSH 2 协议。HP-UX 用户应安装 Hewlett-Packard 官方 SSH 安全补丁,或在系统层面通过 inetd.conf 禁用 SSH 服务,改用 telnet(如必要)并配合 hosts.allow/deny 限制访问来源"
55
score = 7.5
66
severity = "HIGH"
7-
sources = ["avd"]
8-
title = "HP-UX SSH 未授权账户访问漏洞"
7+
sources = ["epss"]
8+
title = "HP-UX SSH 访问控制漏洞"
99
updated = "2026-06-16T21:48:07.497"
1010

1111
[exploit]
@@ -17,8 +17,20 @@ aliases = ["CVE-1999-0310"]
1717
ave_id = "AVE-1999-0517"
1818

1919
[meta]
20-
collected_at = "2026-07-13T00:00:00Z"
20+
collected_at = "2026-07-14T00:00:00Z"
2121
status = "completed"
2222

2323
[references]
24-
urls = ["https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310"]
24+
urls = [
25+
"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310",
26+
"https://github.com/CVEProject/cvelistV5/blob/d39c6fc359564f87c4fbc1b2c3e7c679c878fdd9/cves/1999/0xxx/CVE-1999-0310.json",
27+
"https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-1999/CVE-1999-0310",
28+
"https://github.com/yarencheng/cve-devops-playground/blob/9074597bd191efd66c2a6bf1f5d8e60bc4801a90/content/CVE-1999-0310.md",
29+
"https://github.com/Patrowl/PatrowlHearsData/blob/db45dbc75ff0264d63b603291e4a83d7361bd7ba/CVE/data/1999/CVE-1999-0310.json",
30+
"https://github.com/github/advisory-database/blob/79c2cf4630fcc44f2632735de08432a07cfaf204/advisories/unreviewed/2022/04/GHSA-6pm3-f7gw-pq5v/GHSA-6pm3-f7gw-pq5v.json",
31+
"https://github.com/nomi-sec/NVD-Database/blob/23dc120c34402aaa65883c51c1d03b3cb02c20cb/1999/CVE-1999-0310.json",
32+
"https://github.com/SpeeDr00t/speedr00t.github.com/blob/0380f0c2190556fabe90257cb6c0034a42f68951/securityfocus/0x83000/82268/info.html",
33+
"https://github.com/oasis-open/cti-stix-common-objects/blob/55ba7598cbd5a52577b6887871505d931d85cb61/objects/vulnerability/vulnerability--d1259ae4-fae5-4ac0-a1f4-f0df5a94db65.json",
34+
"https://github.com/Ethishh/securin_assessment/blob/e6ce9197b6593ae46f3f5646d268181eea6cbb31/cve_sync.log",
35+
"https://github.com/zephyros1603/RadiantProcessors/blob/7d44cb1cd4b9e088fbe463f1b19be50a04c2efe8/Backend/RAG/data/allitems.txt",
36+
]

0 commit comments

Comments
 (0)