Published: 03/11/2014 Updated: 08/01/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

APT prior to 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian advanced package tool 1.0.3
debian advanced package tool 1.0.7

Several security issues were fixed in APT ...

It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages d ...

Kaspersky Security Bulletin 2014. A look into the APT crystal ball

Securelist • Costin Raiu • 11 Dec 2014

PDF version EPUB version Download Full Report PDF Download Full Report EPUB Over the past years, Kaspersky’s Global Research and Analysis Team (GReAT) has shed light on some of the biggest APT campaigns, including RedOctober, Flame, NetTraveler, Miniduke, Epic Turla, Careto/Mask and others. While studying these campaigns we have also identified a number of 0-day exploits, including the most recent CVE-2014-0546. We were also among the first to report on emerging trends in the APT world, ...

CVE-2014-0487

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect