11[basic ]
2- description = " SSH 1.2.25 在 HP-UX 系统中存在安全漏洞,远程攻击者可通过 SSH 服务利用该漏洞未经授权访问新创建的用户账户。该漏洞源于 SSH 协议实现中的身份验证与授权缺陷,导致新用户账户在创建后短时间内可被未授权用户访问。攻击者无需有效凭据即可获取系统访问权限,进而可能导致敏感信息泄露或进一步系统入侵。 CVSS 评分 7.5,危害等级高。"
2+ description = " SSH 1.2.25 在 HP-UX 系统上存在访问控制缺陷,当系统添加新用户账户时,攻击者可通过 SSH 服务绕过认证直接访问这些新创建的账户,导致未授权访问。该漏洞影响 HP-UX 上运行的 SSH 1.2.25 版本, CVSS 评分 7.5,危害等级高。漏洞源于用户账户创建后的默认配置未能正确限制访问权限,远程攻击者无需认证即可利用此漏洞获取系统访问权限 。"
33published = " 1998-09-01T04:00:00.000"
4- remediation = " 将 HP-UX 上的 SSH 升级至 1.2.27 或更高版本(该漏洞在 1.2.27 中修复)。建议迁移至 SSH 2.0 协议(部署 OpenSSH 或 HP 官方支持的 SSH 实现),因 SSH 1.x 协议存在已知设计缺陷。如无法立即升级,可通过 HP-UX 系统防火墙限制 SSH 服务访问来源 IP,仅在可信网络范围内开放 22 端口 。"
4+ remediation = " 升级至 OpenSSH(推荐 3.0 以上版本),禁用 SSH 1 协议,仅启用 SSH 2 协议。HP-UX 用户应安装 Hewlett-Packard 官方 SSH 安全补丁,或在系统层面通过 inetd.conf 禁用 SSH 服务,改用 telnet(如必要)并配合 hosts.allow/deny 限制访问来源 。"
55score = 7.5
66severity = " HIGH"
7- sources = [" avd " ]
8- title = " HP-UX SSH 未授权账户访问漏洞 "
7+ sources = [" epss " ]
8+ title = " HP-UX SSH 访问控制漏洞 "
99updated = " 2026-06-16T21:48:07.497"
1010
1111[exploit ]
@@ -17,8 +17,20 @@ aliases = ["CVE-1999-0310"]
1717ave_id = " AVE-1999-0517"
1818
1919[meta ]
20- collected_at = " 2026-07-13T00 :00:00Z"
20+ collected_at = " 2026-07-14T00 :00:00Z"
2121status = " completed"
2222
2323[references ]
24- urls = [" https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310" ]
24+ urls = [
25+ " https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310" ,
26+ " https://github.com/CVEProject/cvelistV5/blob/d39c6fc359564f87c4fbc1b2c3e7c679c878fdd9/cves/1999/0xxx/CVE-1999-0310.json" ,
27+ " https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-1999/CVE-1999-0310" ,
28+ " https://github.com/yarencheng/cve-devops-playground/blob/9074597bd191efd66c2a6bf1f5d8e60bc4801a90/content/CVE-1999-0310.md" ,
29+ " https://github.com/Patrowl/PatrowlHearsData/blob/db45dbc75ff0264d63b603291e4a83d7361bd7ba/CVE/data/1999/CVE-1999-0310.json" ,
30+ " https://github.com/github/advisory-database/blob/79c2cf4630fcc44f2632735de08432a07cfaf204/advisories/unreviewed/2022/04/GHSA-6pm3-f7gw-pq5v/GHSA-6pm3-f7gw-pq5v.json" ,
31+ " https://github.com/nomi-sec/NVD-Database/blob/23dc120c34402aaa65883c51c1d03b3cb02c20cb/1999/CVE-1999-0310.json" ,
32+ " https://github.com/SpeeDr00t/speedr00t.github.com/blob/0380f0c2190556fabe90257cb6c0034a42f68951/securityfocus/0x83000/82268/info.html" ,
33+ " https://github.com/oasis-open/cti-stix-common-objects/blob/55ba7598cbd5a52577b6887871505d931d85cb61/objects/vulnerability/vulnerability--d1259ae4-fae5-4ac0-a1f4-f0df5a94db65.json" ,
34+ " https://github.com/Ethishh/securin_assessment/blob/e6ce9197b6593ae46f3f5646d268181eea6cbb31/cve_sync.log" ,
35+ " https://github.com/zephyros1603/RadiantProcessors/blob/7d44cb1cd4b9e088fbe463f1b19be50a04c2efe8/Backend/RAG/data/allitems.txt" ,
36+ ]
0 commit comments