CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.ubuntu.com/usn/USN-1352-1
https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210
http://www.ubuntu.com/usn/USN-1352-1
https://bugs.launchpad.net/ubuntu/%2Bsource/software-properties/%2Bbug/915210

Products affected by CVE-2011-4407

Canonical » Software-Properties » Version: N/A

cpe:2.3:a:canonical:software-properties:-
Canonical » Software-Properties » Version: 0.81.13.1

cpe:2.3:a:canonical:software-properties:0.81.13.1
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 10.10

cpe:2.3:o:canonical:ubuntu_linux:10.10
Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4407

Products

Pricing

Contact Us