Description
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | |
| hardy | not-affected | defaults to properly verify host name |
| lucid | released | 0.7.25.3ubuntu9.9 |
| maverick | released | 0.8.3ubuntu7.3 |
| natty | not-affected | 0.8.13.2ubuntu4.2 |
| oneiric | not-affected | |
| upstream | not-affected | 0.8.15.9 |
EPSS
CVSS2: 2.6 Low