CVE-2014-3522
N/A
N/A
Summary
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/59432
- http://www.ubuntu.com/usn/USN-2316-1
- https://support.apple.com/HT204427
- http://www.osvdb.org/109996
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
- https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
- http://secunia.com/advisories/60100
- http://secunia.com/advisories/60722
- http://www.securityfocus.com/bid/69237
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
- https://security.gentoo.org/glsa/201610-05
- http://secunia.com/advisories/59584
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
References
- http://secunia.com/advisories/59432
- http://www.ubuntu.com/usn/USN-2316-1
- https://support.apple.com/HT204427
- http://www.osvdb.org/109996
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
- https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
- http://secunia.com/advisories/60100
- http://secunia.com/advisories/60722
- http://www.securityfocus.com/bid/69237
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
- https://security.gentoo.org/glsa/201610-05
- http://secunia.com/advisories/59584
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.