CVE-2019-3462

HIGH

advanced_package_tool <= 1.4.8 - Remote Code Execution via HTTP Redirect Field Injection

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-3462. PoCs published by tonejito, atilacastro.

Description

Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Exploits (2)

nomisec SCANNER 2 stars
by tonejito · poc
https://github.com/tonejito/check_CVE-2019-3462

This repository contains a bash script to check if a Debian or Ubuntu system is vulnerable to CVE-2019-3462, a vulnerability in APT. The script compares the installed APT version against known vulnerable versions for specific OS releases.

Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: APT (Advanced Package Tool) on Debian and Ubuntu
No auth needed
Prerequisites: Access to the target system's command line · APT installed on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by atilacastro · poc
https://github.com/atilacastro/update-apt-package

The repository contains only a README.md file with minimal content, which appears to be a placeholder or stub. No functional exploit code or technical details are provided.

Classification: Stub 10%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106690
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3863-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3863-2/
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html
Patch, Vendor Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4371
Mailing List, Vendor Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190125-0002/

Scores

CVSS v3 8.1
EPSS 0.0699
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (10)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/advanced_package_tool < 1.2.30
debian/debian_linux 8.0
debian/debian_linux 9.0
netapp/active_iq
netapp/element_software
Published Jan 28, 2019
Tracked Since Feb 18, 2026