CVE-2014-3528
MEDIUM severity · CVSS 4 · CWE-255
Summary
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
Impact & exploitability
Attack vector: Network
Attack complexity: High
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: None
Exploit probability (EPSS): 7%
AV:N/AC:H/Au:N/C:P/I:P/A:N
Affected products we track (2)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://subversion.apache.org/security/CVE-2014-3528-advisory.txt (Advisory)
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html (Advisory)
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0165.html (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0166.html (Advisory)
- http://secunia.com/advisories/59432
- http://secunia.com/advisories/59584
- http://secunia.com/advisories/60722