4
CVE-2014-3522
- EPSS 5.58%
- Veröffentlicht 19.08.2014 18:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Subversion Version1.4.0
Apache ≫ Subversion Version1.4.1
Apache ≫ Subversion Version1.4.2
Apache ≫ Subversion Version1.4.3
Apache ≫ Subversion Version1.4.4
Apache ≫ Subversion Version1.4.5
Apache ≫ Subversion Version1.4.6
Apache ≫ Subversion Version1.5.0
Apache ≫ Subversion Version1.5.1
Apache ≫ Subversion Version1.5.2
Apache ≫ Subversion Version1.5.3
Apache ≫ Subversion Version1.5.4
Apache ≫ Subversion Version1.5.5
Apache ≫ Subversion Version1.5.6
Apache ≫ Subversion Version1.5.7
Apache ≫ Subversion Version1.5.8
Apache ≫ Subversion Version1.6.0
Apache ≫ Subversion Version1.6.1
Apache ≫ Subversion Version1.6.2
Apache ≫ Subversion Version1.6.3
Apache ≫ Subversion Version1.6.4
Apache ≫ Subversion Version1.6.5
Apache ≫ Subversion Version1.6.6
Apache ≫ Subversion Version1.6.7
Apache ≫ Subversion Version1.6.8
Apache ≫ Subversion Version1.6.9
Apache ≫ Subversion Version1.6.10
Apache ≫ Subversion Version1.6.11
Apache ≫ Subversion Version1.6.12
Apache ≫ Subversion Version1.6.13
Apache ≫ Subversion Version1.6.14
Apache ≫ Subversion Version1.6.15
Apache ≫ Subversion Version1.6.16
Apache ≫ Subversion Version1.6.17
Apache ≫ Subversion Version1.6.18
Apache ≫ Subversion Version1.6.19
Apache ≫ Subversion Version1.6.20
Apache ≫ Subversion Version1.6.21
Apache ≫ Subversion Version1.6.23
Apache ≫ Subversion Version1.7.0
Apache ≫ Subversion Version1.7.1
Apache ≫ Subversion Version1.7.2
Apache ≫ Subversion Version1.7.3
Apache ≫ Subversion Version1.7.4
Apache ≫ Subversion Version1.7.5
Apache ≫ Subversion Version1.7.6
Apache ≫ Subversion Version1.7.7
Apache ≫ Subversion Version1.7.8
Apache ≫ Subversion Version1.7.9
Apache ≫ Subversion Version1.7.10
Apache ≫ Subversion Version1.7.11
Apache ≫ Subversion Version1.7.12
Apache ≫ Subversion Version1.7.13
Apache ≫ Subversion Version1.7.14
Apache ≫ Subversion Version1.7.15
Apache ≫ Subversion Version1.7.16
Apache ≫ Subversion Version1.7.17
Apache ≫ Subversion Version1.8.0
Apache ≫ Subversion Version1.8.1
Apache ≫ Subversion Version1.8.2
Apache ≫ Subversion Version1.8.3
Apache ≫ Subversion Version1.8.4
Apache ≫ Subversion Version1.8.5
Apache ≫ Subversion Version1.8.6
Apache ≫ Subversion Version1.8.7
Apache ≫ Subversion Version1.8.8
Apache ≫ Subversion Version1.8.9
Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.58% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:P/I:P/A:N
|
CWE-297 Improper Validation of Certificate with Host Mismatch
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://secunia.com/advisories/60722
http://www.ubuntu.com/usn/USN-2316-1
https://security.gentoo.org/glsa/201610-05
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://secunia.com/advisories/59584
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://secunia.com/advisories/59432
http://secunia.com/advisories/60100
http://www.osvdb.org/109996
http://www.securityfocus.com/bid/69237
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
https://support.apple.com/HT204427