Lucene search

[email protected]CVE-2014-0478

HistoryJun 17, 2014 - 2:55 p.m.

CVE-2014-0478

2014-06-1714:55:06

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-0478

apt

security vulnerability

validation

source packages

man-in-the-middle

nvd

6.2 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

44.1%

JSON

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

Affected configurations

NVD

Node

debianadvanced_package_toolRange≤1.0.3

CPENameOperatorVersion
debian:advanced_package_tooldebian advanced package toolle1.0.3

CPE	Name	Operator	Version
debian:advanced_package_tool	debian advanced package tool	le	1.0.3

References

secunia.com/advisories/58843

secunia.com/advisories/59358

www.debian.org/security/2014/dsa-2958

www.ubuntu.com/usn/USN-2246-1

bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795

6.2 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2014-0478

prion1 ubuntucve1 openvas4 nessus2 nvd1 debiancve1 debian3 securityvulns2 osv2 ubuntu1 cvelist1