Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ubuntu APT 信息泄露漏洞
Vulnerability Description
APT(Advanced Packaging Tool)是一套基于Debian系统及其派生发行版的强大的包管理工具。该工具可自动下载、配置、安装二进制或源代码格式的软件包。 APT 0.8.10.3及之前版本中的methods/https.cc文件中存在安全漏洞,该漏洞源于应用程序没有正确处理‘Verify-Host’配置选项,造成没有正确验证SSL证书的主机名。攻击者可利用该漏洞实施中间人攻击获取库证书。
CVSS Information
N/A
Vulnerability Type
N/A