
CVE-2014-3522

Published: 19/08/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Vulnerable Product

apache subversion 1.7.17

apache subversion 1.8.7

apache subversion 1.8.5

apache subversion 1.8.6

apache subversion 1.7.13

apache subversion 1.7.14

apache subversion 1.7.7

apache subversion 1.7.8

apache subversion 1.6.14

apache subversion 1.6.15

apache subversion 1.6.21

apache subversion 1.8.2

apache subversion 1.4.5

apache subversion 1.6.20

apache subversion 1.6.2

apache subversion 1.7.11

apache subversion 1.7.6

apache subversion 1.4.0

apache subversion 1.5.7

apache subversion 1.4.6

apache subversion 1.7.12

apache subversion 1.6.8

apache subversion 1.6.13

apache subversion 1.5.8

apache subversion 1.6.7

apache subversion 1.6.12

apache subversion 1.8.4

apache subversion 1.6.23

apache subversion 1.8.3

apache subversion 1.7.5

apache subversion 1.5.6

apache subversion 1.5.0

apache subversion 1.6.9

apache subversion 1.6.10

apache subversion 1.6.19

apache subversion 1.7.3

apache subversion 1.8.0

apache subversion 1.4.2

apache subversion 1.7.1

apache subversion 1.7.16

apache subversion 1.6.18

apache subversion 1.6.16

apache subversion 1.5.5

apache subversion 1.7.4

apache subversion 1.6.5

apache subversion 1.5.3

apache subversion 1.8.1

apache subversion 1.4.4

apache subversion 1.8.9

apache subversion 1.7.9

apache subversion 1.6.3

apache subversion 1.7.10

apache subversion 1.6.0

apache subversion 1.5.2

apache subversion 1.7.2

apache subversion 1.6.1

apache subversion 1.6.4

apache subversion 1.4.3

apache subversion 1.5.4

apache subversion 1.6.11

apache subversion 1.5.1

apache subversion 1.7.15

apache subversion 1.6.17

apache subversion 1.6.6

apache subversion 1.4.1

apache subversion 1.8.8

apache subversion 1.7.0

opensuse opensuse 12.3

opensuse opensuse 13.1

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

apple xcode 6.1.1

Vendor Advisories

Several security issues were fixed in Subversion ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use th ...
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate ...
Oracle Solaris Third Party Bulletin - October 2015. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day wh ...