CVE-2015-1337

Simple Streams - Info Disclosure

Title source: llm
STIX 2.1

Description

Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2746-2
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2746-1

Scores

EPSS 0.0171
EPSS Percentile 74.6%

Details

CWE
CWE-20
Status published
Products (3)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
simpestreams_project/simplestreams
Published Oct 09, 2015
Tracked Since Feb 18, 2026