CVE-2019-3462

moderate-risk
Published 2019-01-28

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Do I need to act?

~
7.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (10)

Advanced Package Tool
Active Iq

Affected Vendors

Debian Canonical Netapp

References (16)

Third Party Advisory http://www.securityfocus.com/bid/106690
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37f...
Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html
Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20190125-0002/
Third Party Advisory https://usn.ubuntu.com/3863-1/
Third Party Advisory https://usn.ubuntu.com/3863-2/
Patch https://www.debian.org/security/2019/dsa-4371
Third Party Advisory http://www.securityfocus.com/bid/106690
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37f...
Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html
Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20190125-0002/
Third Party Advisory https://usn.ubuntu.com/3863-1/
Third Party Advisory https://usn.ubuntu.com/3863-2/
Patch https://www.debian.org/security/2019/dsa-4371
49
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 9/34 · Low
Exposure 16/34 · Moderate