PT-2014-1443 · Apache+2 · Apache Subversion+2

Published: 2014-08-12 · Updated: 2024-06-15 · CVE-2014-3522

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Subversion versions 1.4.0 through 1.7.x before 1.7.18
Apache Subversion versions 1.8.x before 1.8.10

Description

The issue exists due to incorrect handling of wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate in the Serf RA layer. This allows an attacker to spoof servers using a specially crafted certificate, potentially leading to man-in-the-middle attacks.

Recommendations

For Apache Subversion versions 1.4.0 through 1.7.x before 1.7.18, update to version 1.7.18 or later.
For Apache Subversion versions 1.8.x before 1.8.10, update to version 1.8.10 or later.
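
For reference when reviewing client-side certificate checks of this kind, the following added example shows conservative wildcard matching of a certificate name against a hostname, following the common RFC 6125 rules. It is not Subversion or Serf code and does not reproduce the specific flaw; the function names and the sample hostnames are hypothetical.

```python
"""Added example: conservative wildcard hostname matching (RFC 6125 style)."""


def _valid_label(label):
    # ASCII letters, digits and hyphen only; rejects empty labels and NUL bytes.
    return bool(label) and all(
        c.isascii() and (c.isalnum() or c == "-") for c in label
    )


def match_hostname(pattern, hostname):
    """Return True if a certificate name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if not all(_valid_label(label) for label in h_labels):
        return False
    if "*" not in pattern:
        return p_labels == h_labels          # exact, case-insensitive match
    # The wildcard must be the entire leftmost label and appear only once.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse overly broad names such as "*.com".
    if len(p_labels) < 3:
        return False
    # Wildcards never apply to IP-address-like hosts.
    if all(label.isdigit() for label in h_labels):
        return False
    # "*" stands for exactly one label, so the label counts must agree.
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches(hostname, san_dns_names, common_name=None):
    """Check a host against the names in a certificate.

    When subjectAltName dNSName entries are present, the CN is ignored.
    """
    if san_dns_names:
        names = san_dns_names
    else:
        names = [common_name] if common_name else []
    return any(match_hostname(name, hostname) for name in names)


if __name__ == "__main__":
    # Constructed sample names, not taken from any real certificate.
    for name in ("*.example.com", "*.com", "svn.*.com", "s*.example.com"):
        print(name, match_hostname(name, "svn.example.com"))
```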

Related Identifiers

ALT-PU-2015-1708
BDU:2015-00405
CVE-2014-3522
MGASA-2014-0339
OPENSUSE-SU-2024:10538-1
USN-2316-1

Affected Products

Alt Linux
Apache Subversion
Ubuntu