CVE-2011-3634

Advanced Package Tool < 0.8.11 - Repository Credential Exposure via Invalid Certificate Host Name

Title source: llm
STIX 2.1

Description

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

References (4)

Core 4

Scores

EPSS 0.0080
EPSS Percentile 52.2%

Details

CWE
CWE-200
Status published
Products (10)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
debian/advanced_package_tool 0.8.0 (3 CPE variants)
debian/advanced_package_tool 0.8.1
debian/advanced_package_tool 0.8.10
debian/advanced_package_tool 0.8.10.1
debian/advanced_package_tool 0.8.10.2
debian/advanced_package_tool < 0.8.10.3
Published Mar 01, 2014
Tracked Since Feb 18, 2026