Описание
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apt-cacher-ng | fixed | 3-1 | package | |
| apt-cacher-ng | fixed | 2-2 | buster | package |
| apt-cacher-ng | fixed | 2-2 | stretch | package |
| apt-cacher-ng | no-dsa | jessie | package | |
| apt-cacher-ng | no-dsa | wheezy | package | |
| apt-cacher | fixed | 1.7.15 | package | |
| apt-cacher | fixed | 1.7.13+deb9u1 | buster | package |
| apt-cacher | fixed | 1.7.13+deb9u1 | stretch | package |
| apt-cacher | fixed | 1.7.10+deb8u1 | jessie | package |
EPSS
Процентиль: 47%
0.0024
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 9 лет назад
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
CVSS3: 6.1
nvd
почти 9 лет назад
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
CVSS3: 6.1
github
больше 3 лет назад
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
EPSS
Процентиль: 47%
0.0024
Низкий