Lucene search
HistoryJun 19, 2012 - 8:55 p.m.
CVE-2012-3587
apt
vulnerability
cve-2012-3587
security
gnupg
apt 0.7.x
apt 0.8.x
keyrings
gpg
subkeys
mitm
attack
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
50.4%
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
Related
debiancve
debiancve
CVE-2012-3587
2012-06-19 20:55:00
CVE-2012-0954
2012-06-19 20:55:00
ubuntucve
ubuntucve
CVE-2012-3587
2012-06-19 00:00:00
CVE-2012-0954
2012-06-15 00:00:00
cvelist
cvelist
CVE-2012-3587
2022-10-03 16:15:23
CVE-2012-0954
2022-10-03 16:15:38
prion
prion
Design/Logic Flaw
2012-06-19 20:55:00
Design/Logic Flaw
2012-06-19 20:55:00
cve
cve
CVE-2012-0954
2012-06-19 20:55:00
openvas
openvas
Ubuntu Update for apt USN-1475-1
2012-06-15 00:00:00
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
50.4%
Related for CVE-2012-3587