PT-2014-1443 · Apache+2 · Apache Subversion+2

Published: 2014-08-12 · Updated: 2024-06-15 · CVE-2014-3522

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Subversion versions 1.4.0 through 1.7.x before 1.7.18
Apache Subversion versions 1.8.x before 1.8.10

Description

The issue exists due to incorrect handling of wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate in the Serf RA layer. This allows an attacker to spoof servers using a specially crafted certificate, potentially leading to man-in-the-middle attacks.

Recommendations

For Apache Subversion versions 1.4.0 through 1.7.x before 1.7.18, update to version 1.7.18 or later.
For Apache Subversion versions 1.8.x before 1.8.10, update to version 1.8.10 or later.

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1708
BDU:2015-00405
CVE-2014-3522
MGASA-2014-0339
OPENSUSE-SU-2024:10538-1
USN-2316-1

Affected Products

Alt Linux
Apache Subversion
Ubuntu