CVE-2014-3522

Apache Subversion <1.7.18-1.8.10 - SSL Man-in-the-Middle

Title source: llm

Description

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References (15)

Core 15

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59432

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2316-1

Third Party Advisory x_refsource_confirm

https://support.apple.com/HT204427

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/109996

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95311

Patch, Vendor Advisory x_refsource_confirm

https://subversion.apache.org/security/CVE-2014-3522-advisory.txt

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60100

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60722

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69237

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201610-05

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59584

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95090

Scores

EPSS 0.0262

EPSS Percentile 85.9%

Details

CWE

CWE-297

Status published

Products (50)

apache/subversion 1.4.0

apache/subversion 1.4.1

apache/subversion 1.4.2

apache/subversion 1.4.3

apache/subversion 1.4.4

apache/subversion 1.4.5

apache/subversion 1.4.6

apache/subversion 1.5.0

apache/subversion 1.5.1

apache/subversion 1.5.2

... and 40 more

Published Aug 19, 2014

Tracked Since Feb 18, 2026