Vulnerability in Apache Subversion
CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of a…
EPSS: 0.021 (84.4th percentile)
Affected products
- Apache Subversion — versions 1.4.0, 1.4.1, 1.4.2
- Serf_project Serf — versions 0.2.0, 0.3.0, 0.3.1
- Canonical Ubuntu_linux — versions 12.04, 14.04
References
- USN-2315-1 (x_refsource_UBUNTU, vendor-advisory, Vendor Advisory)
- 69238 (vdb-entry, x_refsource_BID)
- 60721 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- openSUSE-SU-2014:1059 (vendor-advisory, x_refsource_SUSE)
- GLSA-201610-05 (vendor-advisory, x_refsource_GENTOO)
- 59584 (x_refsource_SECUNIA, third-party-advisory)