Lucene search

Ubuntu.comUB:CVE-2016-1000033

HistoryOct 25, 2016 - 12:00 a.m.

CVE-2016-1000033

2016-10-2500:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

29.2%

JSON

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a
TLS/SSL certification validation flaw resulting in a potential for man in
the middle attacks.

Bugs

Notes

Author	Note
mdeslaur	this is due to using webkit1, no fix available without switching to webkit2 which is not in trusty.

References

www.openwall.com/lists/oss-security/2015/12/04/4

launchpad.net/bugs/cve/CVE-2016-1000033

nvd.nist.gov/vuln/detail/CVE-2016-1000033

security-tracker.debian.org/tracker/CVE-2016-1000033

www.cve.org/CVERecord?id=CVE-2016-1000033

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

29.2%

JSON

Related for UB:CVE-2016-1000033