
385 matches found

Prion
added 2014/08/19 6:55 p.m. | 19 views

Code injection

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS: 4 | AI score: 6.6 | EPSS: 0.05581
Exploits: 0 | References: 15 | Affected Software: 4

Prion
added 2014/08/19 6:55 p.m. | 20 views

Authentication flaw

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...

CVSS: 4 | AI score: 6.9 | EPSS: 0.07495
Exploits: 0 | References: 13 | Affected Software: 9

Cvelist
added 2014/08/19 6:00 p.m. | 26 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

AI score: 7.5 | EPSS: 0.05581
Exploits: 0 | References: 15

Debian CVE
added 2014/08/19 6:00 p.m. | 29 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS: 4 | AI score: 7.5 | EPSS: 0.05581
Exploits: 0

Debian CVE
added 2014/08/19 6:00 p.m. | 21 views

CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...

CVSS: 4 | AI score: 8.6 | EPSS: 0.07495
Exploits: 0

CVE
added 2014/08/19 6:00 p.m. | 102 views

CVE-2014-3528

CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...

CVSS: 4 | AI score: 8.6 | EPSS: 0.07495
Exploits: 0 | References: 13 | Affected Software: 1

Cvelist
added 2014/08/19 6:00 p.m. | 24 views

CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...

AI score: 8.8 | EPSS: 0.07495
Exploits: 0 | References: 13

CVE
added 2014/08/19 6:00 p.m. | 92 views

CVE-2014-3522

The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...

CVSS: 4 | AI score: 8.3 | EPSS: 0.05581
Exploits: 0 | References: 15 | Affected Software: 1

UbuntuCve
added 2014/08/12 12:00 a.m. | 28 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS: 4 | AI score: 7.1 | EPSS: 0.05581
Exploits: 0 | References: 3

OSV
added 2014/08/12 12:00 a.m. | 9 views

UBUNTU-CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

CVSS: 4 | AI score: 7.1 | EPSS: 0.05581
Exploits: 0 | References: 4

Kaspersky
added 2014/08/07 12:00 a.m. | 51 views

KLA10071 DoS vulnerability in Apache Subversion

An unspecified vulnerability was found in Apache Subversion. By exploiting this vulnerability, malicious users can cause denial of service. This vulnerability can be exploited from the network at a point related to mod_dav_svn via a specially designed OPTIONS request. Original advisories Apache...

CVSS: 4.3 | AI score: 8.4 | EPSS: 0.11052
Exploits: 0 | References: 3

UbuntuCve
added 2014/08/05 12:00 a.m. | 27 views

CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...

CVSS: 4 | AI score: 7.2 | EPSS: 0.07495
Exploits: 0 | References: 4

Amazon
added 2014/03/25 12:00 a.m. | 39 views

Medium: subversion

Issue Overview: A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. The get_resource function in repos.c in the...

CVSS: 4.3 | AI score: 8.6 | EPSS: 0.11052
Exploits: 0

Tenable Nessus
added 2014/03/17 12:00 a.m. | 28 views

Fedora 19 : subversion-1.7.16-1.fc19 (2014-3567)

This update includes the latest stable release of Apache Subversion 1.7, fixing a security issue (CVE-2014-0032): Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.11052
Exploits: 0 | References: 4

Mageia
added 2014/02/27 10:00 p.m. | 38 views

Updated subversion packages fix CVE-2014-0032

Updated subversion packages fix security vulnerability: The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). The package has been updated to version 1.8.8, which...

CVSS: 4.3 | AI score: 8.3 | EPSS: 0.11052
Exploits: 0 | References: 3

NVD
added 2014/02/14 3:55 p.m. | 23 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.11052
Exploits: 0 | References: 19

OSV
added 2014/02/14 3:55 p.m. | 9 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

AI score: 6.3
Exploits: 0 | References: 19

Prion
added 2014/02/14 3:55 p.m. | 17 views

Command injection

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.11052
Exploits: 0 | References: 19 | Affected Software: 1

Debian CVE
added 2014/02/14 3:00 p.m. | 24 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

CVSS: 4.3 | AI score: 8 | EPSS: 0.11052
Exploits: 0

Cvelist
added 2014/02/14 3:00 p.m. | 26 views

CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...

AI score: 8.1 | EPSS: 0.11052
Exploits: 0 | References: 19