CVE-2019-3462 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-3462 PUBLISHED

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

EPSS 6.99% · 91.4th percentile

Risk Scores

EPSS Score

6.99%

91.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	apt	1.2.12~ubuntu16.04.1, 1.2.10ubuntu1, 1.2.10
Ubuntu:18.04:LTS	apt	0, 1.5, 1.5.1
Ubuntu:14.04:LTS	apt	1.0.1ubuntu2.9, 1.0.1ubuntu2.10, 1.0.1ubuntu2.11

Timeline

CVE Published
Apr 14, 2021 EPSS Score
Nov 7, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Jan 22, 2024 EPSS Score
Jun 14, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 21, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2019-3462 third-party-advisory
https://ubuntu.com/security/notices/USN-3863-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3863-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-3462 third-party-advisory
Vulnérabilité dans le gestionnaire de paquets APT advisory

Open in Interactive Console →