Vulnerability in Apache Subversion
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted…
EPSS: 0.034 (87.6th percentile)
Affected products
- Apache Subversion — versions 1.0.0, 1.0.1, 1.0.2
- Apple Xcode — versions 6.1.1
- Canonical Ubuntu_linux — versions 12.04, 14.04
- Opensuse — versions 12.3, 13.1
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_hpc_node — versions 6.0, 7.0
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Enterprise_linux_server_eus — versions 6.6.z
- Redhat Enterprise_linux_workstation — versions 6.0, 7.0
Weakness classification (CWE)
References
- 59432 (x_refsource_SECUNIA, third-party-advisory)
- USN-2316-1 (x_refsource_UBUNTU, vendor-advisory, Vendor Advisory)
- RHSA-2015:0166 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 68995 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- APPLE-SA-2015-03-09-4 (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)
- RHSA-2015:0165 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 60722 (x_refsource_SECUNIA, third-party-advisory)
- openSUSE-SU-2014:1059 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)