[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3528Date: (C)2014-08-22   (M)2023-12-22


Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-59432
SECUNIA-59584
SECUNIA-60722
BID-68995
APPLE-SA-2015-03-09-4
GLSA-201610-05
RHSA-2015:0165
RHSA-2015:0166
USN-2316-1
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://support.apple.com/HT204427
openSUSE-SU-2014:1059

CPE    102
cpe:/o:redhat:enterprise_linux_hpc_node:6.0
cpe:/a:apple:xcode:6.1.1
cpe:/a:apache:subversion:1.0.0
cpe:/a:apache:subversion:1.0.1
...
CWE    1
CWE-255
OVAL    13
oval:org.secpod.oval:def:24064
oval:org.secpod.oval:def:26434
oval:org.secpod.oval:def:1500910
oval:org.secpod.oval:def:1500911
...

© SecPod Technologies