CVE-2014-0487

EUVD-2014-0518
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
debianadvanced_package_tool
1.0.3
debianadvanced_package_tool
1.0.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bookworm
2.6.1
fixed
bullseye
2.2.4
fixed
sid
2.9.10
fixed
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
lucid
Fixed 0.7.25.3ubuntu9.16
released
precise
Fixed 0.8.16~exp12ubuntu10.19
released
trusty
Fixed 1.0.1ubuntu2.3
released
References
http://secunia.com/advisories/61275
http://secunia.com/advisories/61286
http://ubuntu.com/usn/usn-2348-1
http://www.debian.org/security/2014/dsa-3025
http://secunia.com/advisories/61275
http://secunia.com/advisories/61286
http://ubuntu.com/usn/usn-2348-1
http://www.debian.org/security/2014/dsa-3025