Lucene search
HistoryOct 09, 2015 - 2:59 p.m.
CVE-2015-1337
cve-2015-1337
simple streams
simplestreams
gpg signatures
disk image files
remote mirror servers
spoofing
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Affected configurations
Node
simpestreams_projectsimplestreamsMatch-
Node
canonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch15.04
| CPE | Name | Operator | Version |
|---|---|---|---|
| simpestreams_project:simplestreams | simpestreams project simplestreams | eq | - |
Related
nvd
nvd
CVE-2015-1337
2015-10-09 14:59:00
prion
prion
Design/Logic Flaw
2015-10-09 14:59:00
nessus
nessus
Ubuntu 14.04 LTS : Simple Streams vulnerability (USN-2746-1)
2015-09-25 00:00:00
ubuntu
ubuntu
Simple Streams vulnerability
2015-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2015-1337
2015-09-24 00:00:00
cvelist
cvelist
CVE-2015-1337
2015-10-09 14:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2746-1)
2015-09-25 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
Related for CVE-2015-1337