CVE-2011-3634

Published Mar 1, 2014

Last updated 3 months ago

CVSS info 2.6

Overview

Description: methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A17E71A5-50D2-49AD-BAB0-9C5AEB7A6CCE",
            "versionEndIncluding": "0.8.10.3"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References