The Serf RA layer in Apache Subversion 1.4.0 up to and including 1.7.x prior to 1.7.18 and 1.8.x prior to 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof servers via a crafted certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache subversion 1.7.17 |
||
apache subversion 1.8.7 |
||
apache subversion 1.8.5 |
||
apache subversion 1.8.6 |
||
apache subversion 1.7.13 |
||
apache subversion 1.7.14 |
||
apache subversion 1.7.7 |
||
apache subversion 1.7.8 |
||
apache subversion 1.6.14 |
||
apache subversion 1.6.15 |
||
apache subversion 1.6.21 |
||
apache subversion 1.6.23 |
||
apache subversion 1.6.9 |
||
apache subversion 1.5.0 |
||
apache subversion 1.5.8 |
||
apache subversion 1.4.0 |
||
apache subversion 1.8.2 |
||
apache subversion 1.8.3 |
||
apache subversion 1.8.4 |
||
apache subversion 1.7.11 |
||
apache subversion 1.7.12 |
||
apache subversion 1.7.5 |
||
apache subversion 1.7.6 |
||
apache subversion 1.6.12 |
||
apache subversion 1.6.13 |
||
apache subversion 1.6.2 |
||
apache subversion 1.6.20 |
||
apache subversion 1.6.7 |
||
apache subversion 1.6.8 |
||
apache subversion 1.5.6 |
||
apache subversion 1.5.7 |
||
apache subversion 1.4.5 |
||
apache subversion 1.4.6 |
||
apache subversion 1.8.0 |
||
apache subversion 1.8.1 |
||
apache subversion 1.7.1 |
||
apache subversion 1.7.10 |
||
apache subversion 1.7.3 |
||
apache subversion 1.7.4 |
||
apache subversion 1.6.1 |
||
apache subversion 1.6.10 |
||
apache subversion 1.6.11 |
||
apache subversion 1.6.18 |
||
apache subversion 1.6.19 |
||
apache subversion 1.6.5 |
||
apache subversion 1.6.6 |
||
apache subversion 1.5.4 |
||
apache subversion 1.5.5 |
||
apache subversion 1.4.3 |
||
apache subversion 1.4.4 |
||
apache subversion 1.8.8 |
||
apache subversion 1.8.9 |
||
apache subversion 1.7.16 |
||
apache subversion 1.7.0 |
||
apache subversion 1.7.15 |
||
apache subversion 1.7.2 |
||
apache subversion 1.7.9 |
||
apache subversion 1.6.0 |
||
apache subversion 1.6.16 |
||
apache subversion 1.6.17 |
||
apache subversion 1.6.3 |
||
apache subversion 1.6.4 |
||
apache subversion 1.5.1 |
||
apache subversion 1.5.2 |
||
apache subversion 1.5.3 |
||
apache subversion 1.4.1 |
||
apache subversion 1.4.2 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
apple xcode 6.1.1 |