PT-2014-1442 · Apache+5 · Apache Subversion+5

Bert Huijben

Published

2014-08-05

Updated

2024-06-15

CVE-2014-3528

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache Subversion versions 1.0.0 through 1.7.x before 1.7.17 Apache Subversion versions 1.8.x before 1.8.10

Description The issue exists due to the storage of cached credentials based on MD5 hashes of URLs and authentication realms. This allows remote servers to obtain credentials by using a specially crafted authentication realm.

Recommendations For versions 1.0.0 through 1.7.x before 1.7.17, update to version 1.7.17 or later. For versions 1.8.x before 1.8.10, update to version 1.8.10 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

ALT-PU-2015-1708

BDU:2015-00404

CESA-2015_0165

CESA-2015_0166

CVE-2014-3528

MGASA-2014-0338

MGASA-2014-0339

OPENSUSE-SU-2024:10538-1

RHSA-2015:0165

RHSA-2015:0166

RHSA-2015_0165

RHSA-2015_0166

SUSE-SU-2014_1071-1

SUSE-SU-2015:0709-1

USN-2316-1

Affected Products

Alt Linux

Apache Subversion

Centos

Red Hat

Suse

Ubuntu

PT-2014-1442 · Apache+5 · Apache Subversion+5

CVE-2014-3528

Weakness Enumeration

Related Identifiers

Affected Products

References · 116