CVE-2014-3528

2014-08-1918:55:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2014-3528

apache subversion

md5 hash

vulnerability

nvd

8.2 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CPENameOperatorVersion
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1
apache:subversionapache subversioneq1.2.0
apache:subversionapache subversioneq1.0.4
apache:subversionapache subversioneq1.6.10
apache:subversionapache subversioneq1.6.19
apache:subversionapache subversioneq1.8.2
apache:subversionapache subversioneq1.0.8
apache:subversionapache subversioneq1.4.5
apache:subversionapache subversioneq1.7.3

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1
apache:subversion	apache subversion	eq	1.2.0
apache:subversion	apache subversion	eq	1.0.4
apache:subversion	apache subversion	eq	1.6.10
apache:subversion	apache subversion	eq	1.6.19
apache:subversion	apache subversion	eq	1.8.2
apache:subversion	apache subversion	eq	1.0.8
apache:subversion	apache subversion	eq	1.4.5
apache:subversion	apache subversion	eq	1.7.3