PT-2014-1442 · Apache+5 · Apache Subversion+5

Bert Huijben

Publicado

2014-08-05

Atualizado

2024-06-15

CVE-2014-3528

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache Subversion versions 1.0.0 through 1.7.x before 1.7.17 Apache Subversion versions 1.8.x before 1.8.10

Description The issue exists due to the storage of cached credentials based on MD5 hashes of URLs and authentication realms. This allows remote servers to obtain credentials by using a specially crafted authentication realm.

Recommendations For versions 1.0.0 through 1.7.x before 1.7.17, update to version 1.7.17 or later. For versions 1.8.x before 1.8.10, update to version 1.8.10 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

ALT-PU-2015-1708

BDU:2015-00404

CESA-2015_0165

CESA-2015_0166

CVE-2014-3528

MGASA-2014-0338

MGASA-2014-0339

OPENSUSE-SU-2024:10538-1

RHSA-2015:0165

RHSA-2015:0166

RHSA-2015_0165

RHSA-2015_0166

SUSE-SU-2014_1071-1

SUSE-SU-2015:0709-1

USN-2316-1

Produtos afetados

Alt Linux

Apache Subversion

Centos

Red Hat

Suse

Ubuntu

PT-2014-1442 · Apache+5 · Apache Subversion+5

CVE-2014-3528

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 116