Description
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
References (13)
Core 13
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59432
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2316-1
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0166.html
Third Party Advisory x_refsource_confirm
https://support.apple.com/HT204427
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68995
Vendor Advisory x_refsource_confirm
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0165.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60722
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201610-05
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59584
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Scores
EPSS
0.0338
EPSS Percentile
87.6%
Details
CWE
CWE-255
Status
published
Products (50)
apache/subversion
1.0.0
apache/subversion
1.0.1
apache/subversion
1.0.2
apache/subversion
1.0.3
apache/subversion
1.0.4
apache/subversion
1.0.5
apache/subversion
1.0.6
apache/subversion
1.0.7
apache/subversion
1.0.8
apache/subversion
1.0.9
... and 40 more
Published
Aug 19, 2014
Tracked Since
Feb 18, 2026