UBUNTU-CVE-2019-17560

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-17560

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-17560.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-17560

Related

CVE-2019-17560

Published

2020-03-30T19:15:00Z

Modified

2024-10-15T14:07:03Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.2+dfsg1-4

8.0.2+dfsg1-5

8.1+dfsg1-1

8.1+dfsg2-1

8.1+dfsg2-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1+dfsg3-4

10.*

10.0-3~18.04.1ubuntu1

10.0-3ubuntu2~18.04.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.0-3ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.1-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.1-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / netbeans

Package

Name: netbeans
Purl: pkg:deb/ubuntu/netbeans?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.1-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}