CVE Vulnerabilities

CVE-2014-3528

Published: Aug 19, 2014 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:N
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
LOW

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Affected Software

Name Vendor Start Version End Version
Opensuse Opensuse 12.3 (including) 12.3 (including)
Opensuse Opensuse 13.1 (including) 13.1 (including)
Red Hat Enterprise Linux 6 RedHat subversion-0:1.6.11-12.el6_6 *
Red Hat Enterprise Linux 7 RedHat subversion-0:1.7.14-7.el7_0 *
Subversion Ubuntu devel *
Subversion Ubuntu lucid *
Subversion Ubuntu precise *
Subversion Ubuntu trusty *
Subversion Ubuntu upstream *

References