8.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.139 Low
EPSS
Percentile
95.6%
Lieven Govaerts discovered that the Subversion mod_dav_svn module
incorrectly handled certain request methods when SVNListParentPath was
enabled. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2014-0032)
Ben Reser discovered that Subversion did not correctly validate SSL
certificates containing wildcards. A remote attacker could exploit this to
perform a machine-in-the-middle attack to view sensitive information or alter
encrypted communications. (CVE-2014-3522)
Bert Huijben discovered that Subversion did not properly handle cached
credentials. A malicious server could possibly use this issue to obtain
credentials cached for a different server. (CVE-2014-3528)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | libsvn1 | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | libapache2-mod-svn | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | libsvn-dev | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | libsvn-java | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | libsvn-perl | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | python-subversion | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | python-subversion-dbg | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | ruby-svn | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | subversion | < 1.8.8-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | subversion-dbg | < 1.8.8-1ubuntu3.1 | UNKNOWN |