Apache · Apache Subversion · CVE-2014-3528
**Name of the Vulnerable Software and Affected Versions**
Apache Subversion versions 1.0.0 through 1.7.x before 1.7.17
Apache Subversion versions 1.8.x before 1.8.10
**Description**
The issue exists due to the storage of cached credentials based on MD5 hashes of URLs and authentication realms. This allows remote servers to obtain credentials by using a specially crafted authentication realm.
**Recommendations**
For versions 1.0.0 through 1.7.x before 1.7.17, update to version 1.7.17 or later.
For versions 1.8.x before 1.8.10, update to version 1.8.10 or later.