4

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheSubversion Version1.4.0
ApacheSubversion Version1.4.1
ApacheSubversion Version1.4.2
ApacheSubversion Version1.4.3
ApacheSubversion Version1.4.4
ApacheSubversion Version1.4.5
ApacheSubversion Version1.4.6
ApacheSubversion Version1.5.0
ApacheSubversion Version1.5.1
ApacheSubversion Version1.5.2
ApacheSubversion Version1.5.3
ApacheSubversion Version1.5.4
ApacheSubversion Version1.5.5
ApacheSubversion Version1.5.6
ApacheSubversion Version1.5.7
ApacheSubversion Version1.5.8
ApacheSubversion Version1.6.0
ApacheSubversion Version1.6.1
ApacheSubversion Version1.6.2
ApacheSubversion Version1.6.3
ApacheSubversion Version1.6.4
ApacheSubversion Version1.6.5
ApacheSubversion Version1.6.6
ApacheSubversion Version1.6.7
ApacheSubversion Version1.6.8
ApacheSubversion Version1.6.9
ApacheSubversion Version1.6.10
ApacheSubversion Version1.6.11
ApacheSubversion Version1.6.12
ApacheSubversion Version1.6.13
ApacheSubversion Version1.6.14
ApacheSubversion Version1.6.15
ApacheSubversion Version1.6.16
ApacheSubversion Version1.6.17
ApacheSubversion Version1.6.18
ApacheSubversion Version1.6.19
ApacheSubversion Version1.6.20
ApacheSubversion Version1.6.21
ApacheSubversion Version1.6.23
ApacheSubversion Version1.7.0
ApacheSubversion Version1.7.1
ApacheSubversion Version1.7.2
ApacheSubversion Version1.7.3
ApacheSubversion Version1.7.4
ApacheSubversion Version1.7.5
ApacheSubversion Version1.7.6
ApacheSubversion Version1.7.7
ApacheSubversion Version1.7.8
ApacheSubversion Version1.7.9
ApacheSubversion Version1.7.10
ApacheSubversion Version1.7.11
ApacheSubversion Version1.7.12
ApacheSubversion Version1.7.13
ApacheSubversion Version1.7.14
ApacheSubversion Version1.7.15
ApacheSubversion Version1.7.16
ApacheSubversion Version1.7.17
ApacheSubversion Version1.8.0
ApacheSubversion Version1.8.1
ApacheSubversion Version1.8.2
ApacheSubversion Version1.8.3
ApacheSubversion Version1.8.4
ApacheSubversion Version1.8.5
ApacheSubversion Version1.8.6
ApacheSubversion Version1.8.7
ApacheSubversion Version1.8.8
ApacheSubversion Version1.8.9
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
AppleXCode Version6.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.58% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 4.9 4.9
AV:N/AC:H/Au:N/C:P/I:P/A:N
CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://secunia.com/advisories/60722
http://www.ubuntu.com/usn/USN-2316-1
Third Party Advisory
https://security.gentoo.org/glsa/201610-05
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
Third Party Advisory
http://secunia.com/advisories/59584
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59432
http://secunia.com/advisories/60100
http://www.osvdb.org/109996
http://www.securityfocus.com/bid/69237
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
https://support.apple.com/HT204427
Third Party Advisory