Improper input validation in Debian Advanced_package_tool

CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.016 (72.1th percentile) — read the EPSS interpretation.

Affected products

Debian Advanced_package_tool
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (vendor-advisory, x_refsource_DEBIAN)
security@debian.org (x_refsource_CONFIRM, Exploit)
security@debian.org (x_refsource_UBUNTU, vendor-advisory)