CVE-2019-3462
PUBLISHED
Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
EPSS 12.68% · 94.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | apt | 1.2.12~ubuntu16.04.1, 1.2.15, 1.2.15ubuntu0.2 |
| Ubuntu:18.04:LTS | apt | 1.6.1, 1.5.1, 1.6~alpha7ubuntu1 |
| Ubuntu:14.04:LTS | apt | 0.9.9.1~ubuntu3, 0.9.9.1~ubuntu5, 0.9.13~exp1ubuntu1 |
Exploit Intelligence
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Playbook update APT package because CVE-2019-3462 (github-poc)
- Check @Debian and @Ubuntu #GNU / #Linux for CVE-2019-3462 in APT (github-poc)
- Check @Debian and @Ubuntu #GNU / #Linux for CVE-2019-3462 in APT (github-poc)
- Check @Debian and @Ubuntu #GNU / #Linux for CVE-2019-3462 in APT (github-poc)
…and 22 more exploits
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Nov 7, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 2, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3462 third-party-advisory
- https://ubuntu.com/security/notices/USN-3863-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3863-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3462 third-party-advisory
- Vulnerability in the APT package manager advisory