Unrated severityNVD Advisory· Published Oct 9, 2015· Updated May 6, 2026

CVE-2015-1337

Description

Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Affected products

Simpestreams Project/Simplestreams
cpe:2.3:a:simpestreams_project:simplestreams:-:*:*:*:*:*:*:*
Canonical/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004nvdExploit
www.ubuntu.com/usn/USN-2746-1nvd
www.ubuntu.com/usn/USN-2746-2nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000