CVE-2011-3634
apt - security update
EPSS 0.16%
Description
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
How to fix CVE-2011-3634
To remediate CVE-2011-3634, upgrade the affected package to a fixed version below.
- Debian/apt—upgrade to 0.8.11 or later
- Debian/apt—upgrade to 0.8.10.3+squeeze2 or later
Is CVE-2011-3634 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- apt: versions from 0 up to, but not including, 0.8.11
- apt: versions from 0 up to, but not including, 0.8.10.3+squeeze2