Lucene search

K

Ubuntu.comUB:CVE-2014-3528

HistoryAug 05, 2014 - 12:00 a.m.

CVE-2014-3528

2014-08-0500:00:00

ubuntu.com

ubuntu.com

8

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10
uses an MD5 hash of the URL and authentication realm to store cached
credentials, which makes it easier for remote servers to obtain the
credentials via a crafted authentication realm.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchsubversion< 1.6.17dfsg-3ubuntu3.4UNKNOWN
ubuntu14.04noarchsubversion< 1.8.8-1ubuntu3.1UNKNOWN

References

mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E

subversion.apache.org/security/CVE-2014-3528-advisory.txt

launchpad.net/bugs/cve/CVE-2014-3528

nvd.nist.gov/vuln/detail/CVE-2014-3528

security-tracker.debian.org/tracker/CVE-2014-3528

ubuntu.com/security/notices/USN-2316-1

www.cve.org/CVERecord?id=CVE-2014-3528

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

Related for UB:CVE-2014-3528

fedora1 mageia2 veracode2 openvas11 nessus17 prion1 cve1 debiancve1 oraclelinux2 redhat2 centos2 freebsd1 securityvulns2 ubuntu1 gentoo1