Computer Security

Apache Subversion multiple security vulnerabilities
Published: 26.08.2014
Source:
SecurityVulns ID: 13938
Type: remote
Threat Level: 6/10
Description: DoS, information leakage, certificate validation bypass.
Affected: APACHE : Subversion 1.8
CVE: CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.)
 CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.)
 CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.)
Original document: UBUNTU, [USN-2316-1] Subversion vulnerabilities (26.08.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod