CVE-2011-3634

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-3634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-3634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-3634

Downstream

DEBIAN-CVE-2011-3634

DLA-0005-1

Published

2014-03-01T00:55:04Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

References

http://www.ubuntu.com/usn/USN-1283-1
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3634.html
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt/apt.git%3Ba=blob%3Bf=debian/changelog%3Bhb=HEAD
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353

CVE-2011-3634

Affected packages