CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score: 6 Medium (Confidence: Low)
EPSS: 0.002 Low (Percentile: 54.8%)
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
secunia.com/advisories/59432
secunia.com/advisories/59584
secunia.com/advisories/60100
secunia.com/advisories/60722
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.osvdb.org/109996
www.securityfocus.com/bid/69237
www.ubuntu.com/usn/USN-2316-1
exchange.xforce.ibmcloud.com/vulnerabilities/95090
exchange.xforce.ibmcloud.com/vulnerabilities/95311
security.gentoo.org/glsa/201610-05
subversion.apache.org/security/CVE-2014-3522-advisory.txt
support.apple.com/HT204427