CVE-2014-0487

Description

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.

How to fix CVE-2014-0487

To remediate CVE-2014-0487, upgrade the affected package to a fixed version below.

• Debian/apt—upgrade to 1.0.9 or later
• Debian/apt—upgrade to 0.8.10.3+squeeze3 or later
• Debian/apt—upgrade to 0.9.7.9+deb7u3 or later

Is CVE-2014-0487 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 1.0.9
• from 0, < 0.8.10.3+squeeze3
• from 0, < 0.9.7.9+deb7u3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-0487