Lucene search

[email protected]CVE-2014-6273

HistorySep 30, 2014 - 2:55 p.m.

CVE-2014-6273

2014-09-3014:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-6273

buffer overflow

http transport code

apt-get

apt 1.0.1

denial of service

arbitrary code

crafted url

nvd

9.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

CPENameOperatorVersion
debian:advanced_package_tooldebian advanced package toolle1.0.1

CPE	Name	Operator	Version
debian:advanced_package_tool	debian advanced package tool	le	1.0.1

References

secunia.com/advisories/61605

secunia.com/advisories/61710

www.debian.org/security/2014/dsa-3031

www.securityfocus.com/bid/70075

www.ubuntu.com/usn/USN-2353-1

exchange.xforce.ibmcloud.com/vulnerabilities/96151

9.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVE-2014-6273

osv1 openvas5 debian4 mageia1 prion1 nessus2 securityvulns2 cvelist1 ubuntucve1 debiancve1 ubuntu1 fortinet1