CVE-2014-3528

Sažetak

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Reference

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
http://rhn.redhat.com/errata/RHSA-2015-0165.html
http://rhn.redhat.com/errata/RHSA-2015-0166.html
http://secunia.com/advisories/59432
http://secunia.com/advisories/59584
http://secunia.com/advisories/60722
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/68995
http://www.ubuntu.com/usn/USN-2316-1
https://security.gentoo.org/glsa/201610-05
https://support.apple.com/HT204427

CVSS

Base:	4.0
Impact:	4.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

30-10-2018 - 16:27

Objavljeno

19-08-2014 - 18:55