CVE-2004-0175

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

Published: 2004-08-18 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2004-0175 is rated Moderate Risk (45.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.82%). Core evidence: EPSS rose +1.44% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2004-0175

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.39% 1.82% +1.44%
2 2026-02-06 0.31% 0.39% +0.08%
3 2025-12-28 0.31%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-0175

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2004-0175

OS Trackers for CVE-2004-0175

vendor priority summary link
debian low CVE-2004-0175 low priority: Debian including 1 source packages (openssh), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2004-0175
redhat low https://access.redhat.com/security/cve/CVE-2004-0175

Vendor comments (NVD) for CVE-2004-0175

  • Red Hat (2007-03-14T00:00:00)

    Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Affected software / configurations for CVE-2004-0175

Vendor Product Version Raw CPE
openbsd openssh 3.0 cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
openbsd openssh 3.0.1 cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
openbsd openssh 3.0.1p1 cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
openbsd openssh 3.0.2 cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
openbsd openssh 3.0.2p1 cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
openbsd openssh 3.0p1 cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
openbsd openssh 3.1 cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
openbsd openssh 3.1p1 cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
openbsd openssh 3.2 cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
openbsd openssh 3.2.2p1 cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
openbsd openssh 3.2.3p1 cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
openbsd openssh 3.3 cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
openbsd openssh 3.3p1 cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
openbsd openssh 3.4 cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
openbsd openssh 3.4p1 cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

References for CVE-2004-0175

URL Tags
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831
http://secunia.com/advisories/17135
http://secunia.com/advisories/19243
http://www.ciac.org/ciac/bulletins/o-212.shtml
http://www.juniper.net/support/security/alerts/adv59739.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:100
http://www.mandriva.com/security/advisories?name=MDVSA-2008:191
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
http://www.osvdb.org/9550
http://www.redhat.com/support/errata/RHSA-2005-074.html
http://www.redhat.com/support/errata/RHSA-2005-106.html
http://www.redhat.com/support/errata/RHSA-2005-165.html
http://www.redhat.com/support/errata/RHSA-2005-481.html
http://www.redhat.com/support/errata/RHSA-2005-495.html
http://www.redhat.com/support/errata/RHSA-2005-562.html
http://www.redhat.com/support/errata/RHSA-2005-567.html
http://www.securityfocus.com/bid/9986 Patch Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
https://exchange.xforce.ibmcloud.com/vulnerabilities/16323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184
cvelogic Threat Intelligence