Lucene search

[email protected]CVE-2014-6273

HistorySep 30, 2014 - 2:55 p.m.

CVE-2014-6273

2014-09-3014:55:11

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-6273

buffer overflow

http transport code

apt-get

apt 1.0.1

denial of service

arbitrary code

crafted url

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.

Affected configurations

NVD

Node

debianadvanced_package_toolRange≤1.0.1

CPENameOperatorVersion
debian:advanced_package_tooldebian advanced package toolle1.0.1

CPE	Name	Operator	Version
debian:advanced_package_tool	debian advanced package tool	le	1.0.1

References

secunia.com/advisories/61605

secunia.com/advisories/61710

www.debian.org/security/2014/dsa-3031

www.securityfocus.com/bid/70075

www.ubuntu.com/usn/USN-2353-1

exchange.xforce.ibmcloud.com/vulnerabilities/96151

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2014-6273

debian4 openvas5 prion1 osv1 mageia1 ubuntu1 debiancve1 nvd1 nessus2 ubuntucve1 securityvulns2 cvelist1 fortinet1