CVE-2014-3522

Sažetak

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Reference

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://secunia.com/advisories/59432
http://secunia.com/advisories/59584
http://secunia.com/advisories/60100
http://secunia.com/advisories/60722
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.osvdb.org/109996
http://www.securityfocus.com/bid/69237
http://www.ubuntu.com/usn/USN-2316-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
https://security.gentoo.org/glsa/201610-05
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
https://support.apple.com/HT204427

CVSS

Base:	4.0
Impact:	4.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

30-10-2018 - 16:27

Objavljeno

19-08-2014 - 18:55