Lucene search

[email protected]NVD:CVE-2014-3522

HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-3522

2014-08-1918:55:02

CWE-297

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected configurations

NVD

Node

apachesubversionMatch1.4.0

apachesubversionMatch1.4.1

apachesubversionMatch1.4.2

apachesubversionMatch1.4.3

apachesubversionMatch1.4.4

apachesubversionMatch1.4.5

apachesubversionMatch1.4.6

apachesubversionMatch1.5.0

apachesubversionMatch1.5.1

apachesubversionMatch1.5.2

apachesubversionMatch1.5.3

apachesubversionMatch1.5.4

apachesubversionMatch1.5.5

apachesubversionMatch1.5.6

apachesubversionMatch1.5.7

apachesubversionMatch1.5.8

apachesubversionMatch1.6.0

apachesubversionMatch1.6.1

apachesubversionMatch1.6.2

apachesubversionMatch1.6.3

apachesubversionMatch1.6.4

apachesubversionMatch1.6.5

apachesubversionMatch1.6.6

apachesubversionMatch1.6.7

apachesubversionMatch1.6.8

apachesubversionMatch1.6.9

apachesubversionMatch1.6.10

apachesubversionMatch1.6.11

apachesubversionMatch1.6.12

apachesubversionMatch1.6.13

apachesubversionMatch1.6.14

apachesubversionMatch1.6.15

apachesubversionMatch1.6.16

apachesubversionMatch1.6.17

apachesubversionMatch1.6.18

apachesubversionMatch1.6.19

apachesubversionMatch1.6.20

apachesubversionMatch1.6.21

apachesubversionMatch1.6.23

apachesubversionMatch1.7.0

apachesubversionMatch1.7.1

apachesubversionMatch1.7.2

apachesubversionMatch1.7.3

apachesubversionMatch1.7.4

apachesubversionMatch1.7.5

apachesubversionMatch1.7.6

apachesubversionMatch1.7.7

apachesubversionMatch1.7.8

apachesubversionMatch1.7.9

apachesubversionMatch1.7.10

apachesubversionMatch1.7.11

apachesubversionMatch1.7.12

apachesubversionMatch1.7.13

apachesubversionMatch1.7.14

apachesubversionMatch1.7.15

apachesubversionMatch1.7.16

apachesubversionMatch1.7.17

apachesubversionMatch1.8.0

apachesubversionMatch1.8.1

apachesubversionMatch1.8.2

apachesubversionMatch1.8.3

apachesubversionMatch1.8.4

apachesubversionMatch1.8.5

apachesubversionMatch1.8.6

apachesubversionMatch1.8.7

apachesubversionMatch1.8.8

apachesubversionMatch1.8.9

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch14.04lts

Node

applexcodeMatch6.1.1

References

lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

secunia.com/advisories/59432

secunia.com/advisories/59584

secunia.com/advisories/60100

secunia.com/advisories/60722

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.osvdb.org/109996

www.securityfocus.com/bid/69237

www.ubuntu.com/usn/USN-2316-1

exchange.xforce.ibmcloud.com/vulnerabilities/95090

exchange.xforce.ibmcloud.com/vulnerabilities/95311

security.gentoo.org/glsa/201610-05

subversion.apache.org/security/CVE-2014-3522-advisory.txt

support.apple.com/HT204427

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for NVD:CVE-2014-3522

cve1 amazon1 nessus9 openvas5 ubuntucve1 prion1 debiancve1 fedora1 cvelist1 mageia1 freebsd1 securityvulns2 ubuntu1 rosalinux1 gentoo1