CVE-2014-0487

10 documents7 sources
Severity
7.5HIGH
EPSS
0.1%
top 68.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Advanced Package Tool
Timeline
PublishedNov 3
Latest updateMay 13

Description

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Debianapt< 1.0.9+3
Ubuntuapt< 1.0.1ubuntu2.3
NVDdebian/advanced_package_tool1.0.3, 1.0.7+1

Patches

Patch: ubuntu.comPatch: ubuntu.com

🔴Vulnerability Details

4
GHSA
GHSA-fmfx-3g63-34p4: APT before 12022-05-13
OSV
CVE-2014-0487: APT before 12014-11-03
CVEList
CVE-2014-0487: APT before 12014-11-03
OSV
apt vulnerabilities2014-09-16

📋Vendor Advisories

2
Ubuntu
APT vulnerabilities2014-09-16
Debian
CVE-2014-0487: apt - APT before 1.0.9 does not verify downloaded files if they have been modified as ...2014

💬Community

3
Bugzilla
CVE-2014-0490 CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 apt: multiple issues [fedora-all]2014-09-18
Bugzilla
CVE-2014-0488 CVE-2014-0487 CVE-2014-0489 CVE-2014-0490 apt: multiple issues2014-09-18
Bugzilla
CVE-2014-0234 OpenShift Enterprise openshift-origin-broker: default password creation2014-05-13
CVE-2014-0487 (HIGH CVSS 7.5) | APT before 1.0.9 does not verify do | cvebase.io