Lucene search
CanonicalCVE-2015-1337HistoryOct 09, 2015 - 2:59 p.m.
CVE-2015-1337
2015-10-0914:59:00
CWE-20
canonical
web.nvd.nist.gov
30
cve-2015-1337
simple streams
simplestreams
gpg signatures
disk image files
remote mirror servers
spoofing
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
High
EPSS
0.006
Percentile
79.2%
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Affected configurations
Node
simpestreams_projectsimplestreamsMatch-
Node
canonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch15.04
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simpestreams_project | simplestreams | - | cpe:2.3:a:simpestreams_project:simplestreams:-:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 15.04 | cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-10-09 14:59:00
openvas
openvas
Ubuntu: Security Advisory (USN-2746-1)
2015-09-25 00:00:00
nvd
nvd
CVE-2015-1337
2015-10-09 14:59:00
ubuntu
ubuntu
Simple Streams vulnerability
2015-09-24 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Simple Streams vulnerability (USN-2746-1)
2015-09-25 00:00:00
cvelist
cvelist
CVE-2015-1337
2015-10-09 14:00:00
ubuntucve
ubuntucve
CVE-2015-1337
2015-09-24 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
High
EPSS
0.006
Percentile
79.2%
Related for CVE-2015-1337