CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
EPSS: 0.002 Low
EPSS Percentile: 54.4%
Issue Overview:
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Affected Packages:
subversion
Issue Correction:
Run yum update subversion to update your system.
New Packages:
i686:
subversion-tools-1.8.10-1.44.amzn1.i686
subversion-1.8.10-1.44.amzn1.i686
subversion-libs-1.8.10-1.44.amzn1.i686
subversion-ruby-1.8.10-1.44.amzn1.i686
mod_dav_svn-1.8.10-1.44.amzn1.i686
subversion-javahl-1.8.10-1.44.amzn1.i686
subversion-python-1.8.10-1.44.amzn1.i686
subversion-perl-1.8.10-1.44.amzn1.i686
subversion-devel-1.8.10-1.44.amzn1.i686
subversion-debuginfo-1.8.10-1.44.amzn1.i686
src:
subversion-1.8.10-1.44.amzn1.src
x86_64:
subversion-javahl-1.8.10-1.44.amzn1.x86_64
subversion-devel-1.8.10-1.44.amzn1.x86_64
subversion-libs-1.8.10-1.44.amzn1.x86_64
subversion-python-1.8.10-1.44.amzn1.x86_64
subversion-perl-1.8.10-1.44.amzn1.x86_64
subversion-debuginfo-1.8.10-1.44.amzn1.x86_64
subversion-ruby-1.8.10-1.44.amzn1.x86_64
mod_dav_svn-1.8.10-1.44.amzn1.x86_64
subversion-tools-1.8.10-1.44.amzn1.x86_64
subversion-1.8.10-1.44.amzn1.x86_64
Red Hat: CVE-2014-3522
Mitre: CVE-2014-3522
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | subversion-tools | < 1.8.10-1.44.amzn1 | subversion-tools-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion | < 1.8.10-1.44.amzn1 | subversion-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-libs | < 1.8.10-1.44.amzn1 | subversion-libs-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-ruby | < 1.8.10-1.44.amzn1 | subversion-ruby-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | mod_dav_svn | < 1.8.10-1.44.amzn1 | mod_dav_svn-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-javahl | < 1.8.10-1.44.amzn1 | subversion-javahl-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-python | < 1.8.10-1.44.amzn1 | subversion-python-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-perl | < 1.8.10-1.44.amzn1 | subversion-perl-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-devel | < 1.8.10-1.44.amzn1 | subversion-devel-1.8.10-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | subversion-debuginfo | < 1.8.10-1.44.amzn1 | subversion-debuginfo-1.8.10-1.44.amzn1.i686.rpm |