Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDebianCVE-2016-1252
HistoryDec 05, 2017 - 4:29 p.m.

CVE-2016-1252

2017-12-0516:29:00
CWE-295
debian
web.nvd.nist.gov
110
2
cve-2016-1252
apt package
debian
ubuntu
man-in-the-middle attack
repository-signing
inrelease file signatures
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.014

Percentile

86.2%

JSON

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

Affected configurations

Nvd
Node
debianadvanced_package_toolRange<1.0.9.8.4
AND
debiandebian_linuxMatch8.0
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch16.10
VendorProductVersionCPE
debianadvanced_package_tool*cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.10cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

Social References

More

Related

ubuntucve 1
zdt 1
prion 1
debiancve 1
debian 2
nessus 2
exploitdb 1
openvas 3
ubuntu 1
cvelist 1
nvd 1
kitploit 1
ubuntucve
ubuntucve
CVE-2016-1252
2016-12-13 00:00:00
zdt
zdt
APT - Repository Signing Bypass via Memory Allocation Failure Vulnerability
2016-12-15 00:00:00
prion
prion
Design/Logic Flaw
2017-12-05 16:29:00
debiancve
debiancve
CVE-2016-1252
2017-12-05 16:29:00
debian
debian
[SECURITY] [DSA 3733-1] apt security update
2016-12-13 17:12:42
[SECURITY] [DSA 3733-1] apt security update
2016-12-13 17:12:42
nessus
nessus
Debian DSA-3733-1 : apt - security update
2016-12-14 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : APT vulnerability (USN-3156-1)
2016-12-14 00:00:00
exploitdb
exploitdb
APT - Repository Signing Bypass via Memory Allocation Failure
2016-12-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 3733-1 (apt - security update)
2016-12-13 00:00:00
Ubuntu: Security Advisory (USN-3156-1)
2016-12-14 00:00:00
Debian: Security Advisory (DSA-3733-1)
2016-12-12 00:00:00
ubuntu
ubuntu
APT vulnerability
2016-12-13 00:00:00
cvelist
cvelist
CVE-2016-1252
2017-12-05 16:00:00
nvd
nvd
CVE-2016-1252
2017-12-05 16:29:00
kitploit
kitploit
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
2019-11-05 12:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.014

Percentile

86.2%

JSON
Related for CVE-2016-1252
ubuntucve1zdt1prion1debiancve1debian2nessus2exploitdb1openvas3ubuntu1cvelist1nvd1kitploit1