Lucene search
K

59 matches found

nessus
nessus
added 2014/10/12 12:0 a.m.31 views

Amazon Linux AMI : subversion (ALAS-2014-413)

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. C Tenabl...

4CVSS7.6AI score0.05581EPSS
Exploits0References2
nessus
nessus
added 2014/10/06 12:0 a.m.32 views

Apache Subversion 1.0.x - 1.7.17 / 1.8.x < 1.8.10 Multiple Vulnerabilities

The version of Subversion Server installed on the remote host is version 1.x.x prior to 1.7.18 or 1.8.x prior to 1.8.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Serf RA layer. This flaw causes wildcards for HTTPS connections to be improperly evaluated,...

4CVSS7.6AI score0.07495EPSS
Exploits0References4
amazon
amazon
added 2014/09/17 12:0 a.m.49 views

Medium: subversion

Issue Overview: The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted...

4CVSS8.1AI score0.05581EPSS
Exploits0
nessus
nessus
added 2014/09/12 12:0 a.m.27 views

Mandriva Linux Security Advisory : serf (MDVSA-2014:166)

Updated serf packages fix security vulnerability : Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.6AI score0.0315EPSS
Exploits0References2
amazon
amazon
added 2014/09/03 12:0 a.m.49 views

Medium: libserf

Issue Overview: The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attacke...

4CVSS8.1AI score0.0315EPSS
Exploits0
osv
osv
added 2014/08/26 11:4 p.m.8 views

MGASA-2014-0353 Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS6AI score0.0315EPSS
Exploits0References3
mageia
mageia
added 2014/08/26 11:4 p.m.35 views

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.5AI score0.0315EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.109 views

[USN-2315-1] serf vulnerability

========================================================================== Ubuntu Security Notice USN-2315-1 August 14, 2014 serf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

4CVSS0.7AI score0.0315EPSS
Exploits0
nvd
nvd
added 2014/08/19 6:55 p.m.20 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

4CVSS6AI score0.05581EPSS
Exploits0References15
nvd
nvd
added 2014/08/19 6:55 p.m.23 views

CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

4CVSS6.1AI score0.0315EPSS
Exploits0References9
osv
osv
added 2014/08/19 6:55 p.m.1 views

DEBIAN-CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

4CVSS6.8AI score0.0315EPSS
Exploits0References1
osv
osv
added 2014/08/19 6:55 p.m.13 views

CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

4CVSS6AI score0.05581EPSS
Exploits0References9
osv
osv
added 2014/08/19 6:55 p.m.2 views

DEBIAN-CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

4CVSS6.7AI score0.05581EPSS
Exploits0References1
prion
prion
added 2014/08/19 6:55 p.m.16 views

Design/Logic Flaw

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

4CVSS6.7AI score0.05581EPSS
Exploits0References9Affected Software3
prion
prion
added 2014/08/19 6:55 p.m.20 views

Code injection

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

4CVSS6.6AI score0.05581EPSS
Exploits0References15Affected Software4
snyk
snyk
added 2014/08/19 6:55 p.m.3 views

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass. The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN...

4.8CVSS6.8AI score0.0315EPSS
Exploits0References2
cvelist
cvelist
added 2014/08/19 6:0 p.m.27 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

7.5AI score0.05581EPSS
Exploits0References15
cve
cve
added 2014/08/19 6:0 p.m.93 views

CVE-2014-3522

The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...

4CVSS8.3AI score0.05581EPSS
Exploits0References15Affected Software1
cvelist
cvelist
added 2014/08/19 6:0 p.m.21 views

CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

7.3AI score0.0315EPSS
Exploits0References9
cve
cve
added 2014/08/19 6:0 p.m.85 views

CVE-2014-3504

CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...

4CVSS8AI score0.0315EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder