Lucene search
RedhatCVE-2014-3528HistoryAug 19, 2014 - 6:55 p.m.
CVE-2014-3528
2014-08-1918:55:02
CWE-255
redhat
web.nvd.nist.gov
53
cve-2014-3528
apache subversion
md5 hash
vulnerability
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score
8.6
Confidence
High
EPSS
0.002
Percentile
57.0%
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
Affected configurations
Node
opensuseopensuseMatch12.3
ORopensuseopensuseMatch13.1
Node
apachesubversionMatch1.0.0
ORapachesubversionMatch1.0.1
ORapachesubversionMatch1.0.2
ORapachesubversionMatch1.0.3
ORapachesubversionMatch1.0.4
ORapachesubversionMatch1.0.5
ORapachesubversionMatch1.0.6
ORapachesubversionMatch1.0.7
ORapachesubversionMatch1.0.8
ORapachesubversionMatch1.0.9
ORapachesubversionMatch1.1.0
ORapachesubversionMatch1.1.1
ORapachesubversionMatch1.1.2
ORapachesubversionMatch1.1.3
ORapachesubversionMatch1.1.4
ORapachesubversionMatch1.2.0
ORapachesubversionMatch1.2.1
ORapachesubversionMatch1.2.2
ORapachesubversionMatch1.2.3
ORapachesubversionMatch1.3.0
ORapachesubversionMatch1.3.1
ORapachesubversionMatch1.3.2
ORapachesubversionMatch1.4.0
ORapachesubversionMatch1.4.1
ORapachesubversionMatch1.4.2
ORapachesubversionMatch1.4.3
ORapachesubversionMatch1.4.4
ORapachesubversionMatch1.4.5
ORapachesubversionMatch1.4.6
ORapachesubversionMatch1.5.0
ORapachesubversionMatch1.5.1
ORapachesubversionMatch1.5.2
ORapachesubversionMatch1.5.3
ORapachesubversionMatch1.5.4
ORapachesubversionMatch1.5.5
ORapachesubversionMatch1.5.6
ORapachesubversionMatch1.5.7
ORapachesubversionMatch1.5.8
ORapachesubversionMatch1.6.0
ORapachesubversionMatch1.6.1
ORapachesubversionMatch1.6.2
ORapachesubversionMatch1.6.3
ORapachesubversionMatch1.6.4
ORapachesubversionMatch1.6.5
ORapachesubversionMatch1.6.6
ORapachesubversionMatch1.6.7
ORapachesubversionMatch1.6.8
ORapachesubversionMatch1.6.9
ORapachesubversionMatch1.6.10
ORapachesubversionMatch1.6.11
ORapachesubversionMatch1.6.12
ORapachesubversionMatch1.6.13
ORapachesubversionMatch1.6.14
ORapachesubversionMatch1.6.15
ORapachesubversionMatch1.6.16
ORapachesubversionMatch1.6.17
ORapachesubversionMatch1.6.18
ORapachesubversionMatch1.6.19
ORapachesubversionMatch1.6.20
ORapachesubversionMatch1.6.21
ORapachesubversionMatch1.6.23
ORapachesubversionMatch1.7.0
ORapachesubversionMatch1.7.1
ORapachesubversionMatch1.7.2
ORapachesubversionMatch1.7.3
ORapachesubversionMatch1.7.4
ORapachesubversionMatch1.7.5
ORapachesubversionMatch1.7.6
ORapachesubversionMatch1.7.7
ORapachesubversionMatch1.7.8
ORapachesubversionMatch1.7.9
ORapachesubversionMatch1.7.10
ORapachesubversionMatch1.7.11
ORapachesubversionMatch1.7.12
ORapachesubversionMatch1.7.13
ORapachesubversionMatch1.7.14
ORapachesubversionMatch1.7.15
ORapachesubversionMatch1.7.16
ORapachesubversionMatch1.7.17
ORapachesubversionMatch1.8.0
ORapachesubversionMatch1.8.1
ORapachesubversionMatch1.8.2
ORapachesubversionMatch1.8.3
ORapachesubversionMatch1.8.4
ORapachesubversionMatch1.8.5
ORapachesubversionMatch1.8.6
ORapachesubversionMatch1.8.7
ORapachesubversionMatch1.8.8
ORapachesubversionMatch1.8.9
Node
canonicalubuntu_linuxMatch12.04-lts
ORcanonicalubuntu_linuxMatch14.04lts
Node
applexcodeMatch6.1.1
Node
redhatenterprise_linux_desktopMatch6.0
ORredhatenterprise_linux_desktopMatch7.0
ORredhatenterprise_linux_hpc_nodeMatch6.0
ORredhatenterprise_linux_hpc_nodeMatch7.0
ORredhatenterprise_linux_serverMatch6.0
ORredhatenterprise_linux_serverMatch7.0
ORredhatenterprise_linux_server_eusMatch6.6.z
ORredhatenterprise_linux_workstationMatch6.0
ORredhatenterprise_linux_workstationMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opensuse | opensuse | 12.3 | cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| apache | subversion | 1.0.0 | cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:* |
| apache | subversion | 1.0.1 | cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:* |
| apache | subversion | 1.0.2 | cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:* |
| apache | subversion | 1.0.3 | cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:* |
| apache | subversion | 1.0.4 | cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:* |
| apache | subversion | 1.0.5 | cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:* |
| apache | subversion | 1.0.6 | cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:* |
| apache | subversion | 1.0.7 | cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:* |
References
lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
rhn.redhat.com/errata/RHSA-2015-0165.html
rhn.redhat.com/errata/RHSA-2015-0166.html
secunia.com/advisories/59432
secunia.com/advisories/59584
secunia.com/advisories/60722
subversion.apache.org/security/CVE-2014-3528-advisory.txt
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/68995
www.ubuntu.com/usn/USN-2316-1
security.gentoo.org/glsa/201610-05
support.apple.com/HT204427
Related
fedora
fedora
[SECURITY] Fedora 19 Update: subversion-1.7.18-1.fc19
2014-08-28 15:29:49
mageia
mageia
Updated subversion packages fix CVE-2014-3528
2014-08-21 13:36:13
Updated subversion packages fix security vulnerabilities
2014-08-21 13:36:13
cvelist
cvelist
CVE-2014-3528
2014-08-19 18:00:00
nessus
nessus
Mandriva Linux Security Advisory : subversion (MDVSA-2014:161)
2014-09-12 00:00:00
Fedora 19 : subversion-1.7.18-1.fc19 (2014-9521)
2014-08-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0338)
2022-01-28 00:00:00
Apache Subversion Insecure Authentication Weakness Vulnerability
2016-02-09 00:00:00
Fedora Update for subversion FEDORA-2014-9521
2014-08-29 00:00:00
ubuntucve
ubuntucve
CVE-2014-3528
2014-08-05 00:00:00
debiancve
debiancve
CVE-2014-3528
2014-08-19 18:55:02
prion
prion
Authentication flaw
2014-08-19 18:55:00
veracode
veracode
Information Disclosure
2019-01-15 09:04:32
Denial Of Service (DoS)
2019-05-02 05:13:28
nvd
nvd
CVE-2014-3528
2014-08-19 18:55:02
centos
centos
mod_dav_svn, subversion security update
2015-02-10 22:32:42
mod_dav_svn, subversion security update
2015-02-11 00:09:48
redhat
redhat
(RHSA-2015:0165) Moderate: subversion security update
2015-02-10 00:00:00
(RHSA-2015:0166) Moderate: subversion security update
2015-02-10 00:00:00
freebsd
freebsd
subversion -- several vulnerabilities
2014-08-06 00:00:00
oraclelinux
oraclelinux
subversion security update
2015-02-10 00:00:00
subversion security update
2015-02-10 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2014-08-14 00:00:00
securityvulns
securityvulns
[USN-2316-1] Subversion vulnerabilities
2014-08-26 00:00:00
Apache Subversion multiple security vulnerabilities
2014-08-26 00:00:00
gentoo
gentoo
Subversion, Serf: Multiple Vulnerabilities
2016-10-11 00:00:00
osv
osv
libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 on GA media
2024-06-15 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score
8.6
Confidence
High
EPSS
0.002
Percentile
57.0%
Related for CVE-2014-3528