Lucene search

[email protected]NVD:CVE-2014-3528

HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-3528

2014-08-1918:55:02

CWE-255

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Affected configurations

NVD

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

apachesubversionMatch1.0.0

apachesubversionMatch1.0.1

apachesubversionMatch1.0.2

apachesubversionMatch1.0.3

apachesubversionMatch1.0.4

apachesubversionMatch1.0.5

apachesubversionMatch1.0.6

apachesubversionMatch1.0.7

apachesubversionMatch1.0.8

apachesubversionMatch1.0.9

apachesubversionMatch1.1.0

apachesubversionMatch1.1.1

apachesubversionMatch1.1.2

apachesubversionMatch1.1.3

apachesubversionMatch1.1.4

apachesubversionMatch1.2.0

apachesubversionMatch1.2.1

apachesubversionMatch1.2.2

apachesubversionMatch1.2.3

apachesubversionMatch1.3.0

apachesubversionMatch1.3.1

apachesubversionMatch1.3.2

apachesubversionMatch1.4.0

apachesubversionMatch1.4.1

apachesubversionMatch1.4.2

apachesubversionMatch1.4.3

apachesubversionMatch1.4.4

apachesubversionMatch1.4.5

apachesubversionMatch1.4.6

apachesubversionMatch1.5.0

apachesubversionMatch1.5.1

apachesubversionMatch1.5.2

apachesubversionMatch1.5.3

apachesubversionMatch1.5.4

apachesubversionMatch1.5.5

apachesubversionMatch1.5.6

apachesubversionMatch1.5.7

apachesubversionMatch1.5.8

apachesubversionMatch1.6.0

apachesubversionMatch1.6.1

apachesubversionMatch1.6.2

apachesubversionMatch1.6.3

apachesubversionMatch1.6.4

apachesubversionMatch1.6.5

apachesubversionMatch1.6.6

apachesubversionMatch1.6.7

apachesubversionMatch1.6.8

apachesubversionMatch1.6.9

apachesubversionMatch1.6.10

apachesubversionMatch1.6.11

apachesubversionMatch1.6.12

apachesubversionMatch1.6.13

apachesubversionMatch1.6.14

apachesubversionMatch1.6.15

apachesubversionMatch1.6.16

apachesubversionMatch1.6.17

apachesubversionMatch1.6.18

apachesubversionMatch1.6.19

apachesubversionMatch1.6.20

apachesubversionMatch1.6.21

apachesubversionMatch1.6.23

apachesubversionMatch1.7.0

apachesubversionMatch1.7.1

apachesubversionMatch1.7.2

apachesubversionMatch1.7.3

apachesubversionMatch1.7.4

apachesubversionMatch1.7.5

apachesubversionMatch1.7.6

apachesubversionMatch1.7.7

apachesubversionMatch1.7.8

apachesubversionMatch1.7.9

apachesubversionMatch1.7.10

apachesubversionMatch1.7.11

apachesubversionMatch1.7.12

apachesubversionMatch1.7.13

apachesubversionMatch1.7.14

apachesubversionMatch1.7.15

apachesubversionMatch1.7.16

apachesubversionMatch1.7.17

apachesubversionMatch1.8.0

apachesubversionMatch1.8.1

apachesubversionMatch1.8.2

apachesubversionMatch1.8.3

apachesubversionMatch1.8.4

apachesubversionMatch1.8.5

apachesubversionMatch1.8.6

apachesubversionMatch1.8.7

apachesubversionMatch1.8.8

apachesubversionMatch1.8.9

Node

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch14.04lts

Node

applexcodeMatch6.1.1

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch6.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch6.6.z

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

References

lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

rhn.redhat.com/errata/RHSA-2015-0165.html

rhn.redhat.com/errata/RHSA-2015-0166.html

secunia.com/advisories/59432

secunia.com/advisories/59584

secunia.com/advisories/60722

subversion.apache.org/security/CVE-2014-3528-advisory.txt

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/68995

www.ubuntu.com/usn/USN-2316-1

security.gentoo.org/glsa/201610-05

support.apple.com/HT204427

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for NVD:CVE-2014-3528

fedora1 mageia2 openvas11 veracode2 cve1 nessus18 ubuntucve1 debiancve1 prion1 cvelist1 freebsd1 redhat2 centos2 oraclelinux2 ubuntu1 securityvulns2 gentoo1