CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
90.4%
It was discovered that APT did not re-verify downloaded files when the
If-Modified-Since wasn’t met. (CVE-2014-0487)
It was discovered that APT did not invalidate repository data when it
switched from an unauthenticated to an authenticated state. (CVE-2014-0488)
It was discovered that the APT Acquire::GzipIndexes option caused APT to
skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS, and was not enabled by default. (CVE-2014-0489)
It was discovered that APT did not correctly validate signatures when
manually downloading packages using the download command. This issue only
applied to Ubuntu 12.04 LTS. (CVE-2014-0490)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | apt | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | apt-transport-https | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | apt-utils | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | libapt-inst1.5 | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | libapt-pkg-dev | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 14.04 | noarch | libapt-pkg4.12 | < 1.0.1ubuntu2.3 | UNKNOWN |
Ubuntu | 12.04 | noarch | apt | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
Ubuntu | 12.04 | noarch | apt-transport-https | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
Ubuntu | 12.04 | noarch | apt-utils | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |
Ubuntu | 12.04 | noarch | libapt-inst1.4 | < 0.8.16~exp12ubuntu10.19 | UNKNOWN |