CVE-2019-3462

CWE-3509 documents7 sources

Severity

8.1HIGH

EPSS

7.0%

top 8.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Weaveworks Weave Debian Advanced Package Tool Debian GNU Linux/apt AS Used IN Debian Stretch AND Ubuntu +2 more

Timeline

PublishedJan 28

Latest updateMay 13

Description

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5weaveworks/weave< 2.6.3

▶NVDdebian/advanced_package_tool1.3 — 1.4.8+1

▶Debianapt< 1.8.0~alpha3.1+3

▶CVEListV5debian_gnu/linux/apt_as_used_in_debian_stretch_and_ubuntu1.4.8 and earlier

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-q857-rhg5-4j49: Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1↗2022-05-13

▶

CVEList

CVE-2019-3462: Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1↗2019-01-28

▶

OSV

CVE-2019-3462: Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1↗2019-01-28

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2019-01-22

▶

Ubuntu

APT vulnerability↗2019-01-22

▶

Debian

CVE-2019-3462: apt - Incorrect sanitation of the 302 redirect field in HTTP transport method of apt v...↗2019

▶

💬Community

Bugzilla

CVE-2019-3462 apt: Code injection through HTTP redirect↗2019-01-23

▶

Bugzilla

CVE-2019-3462 apt: Code injection through HTTP redirect [fedora-all]↗2019-01-23

▶