PRIOn knowledge basePRION:CVE-2014-3522Code injection
6.6 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
53.3%
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
| CPE | Name | Operator | Version |
|---|---|---|---|
| subversion | eq | 1.6.10 | |
| subversion | eq | 1.6.19 | |
| subversion | eq | 1.8.2 | |
| subversion | eq | 1.4.5 | |
| subversion | eq | 1.7.3 | |
| subversion | eq | 1.6.20 | |
| subversion | eq | 1.7.17 | |
| subversion | eq | 1.8.0 | |
| subversion | eq | 1.4.2 | |
| subversion | eq | 1.6.2 |
References
lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
secunia.com/advisories/59432
secunia.com/advisories/59584
secunia.com/advisories/60100
secunia.com/advisories/60722
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.osvdb.org/109996
www.securityfocus.com/bid/69237
www.ubuntu.com/usn/USN-2316-1
exchange.xforce.ibmcloud.com/vulnerabilities/95090
exchange.xforce.ibmcloud.com/vulnerabilities/95311
security.gentoo.org/glsa/201610-05
subversion.apache.org/security/CVE-2014-3522-advisory.txt
support.apple.com/HT204427
Related
6.6 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
53.3%