CVE-2014-3522
Date: (C)2014-08-22   (M)2023-12-22


The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
OSVDB-109996
SECUNIA-59432
SECUNIA-59584
SECUNIA-60100
SECUNIA-60722
BID-69237
APPLE-SA-2015-03-09-4
GLSA-201610-05
USN-2316-1
apache-subversion-cve20143522-spoofing(95311)
apache-subversion-cve20143528-info-disc(95090)
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
https://support.apple.com/HT204427
openSUSE-SU-2014:1059

CPE    72
cpe:/a:apache:subversion:1.6.10
cpe:/a:apache:subversion:1.6.11
cpe:/a:apache:subversion:1.6.12
cpe:/a:apache:subversion:1.6.13
...
CWE    1
CWE-297
OVAL    9
oval:org.secpod.oval:def:24065
oval:org.secpod.oval:def:24066
oval:org.secpod.oval:def:24064
oval:org.secpod.oval:def:1600198
...

© SecPod Technologies