CVSS: 4.0EPSS: 0%CPEs: 94EXPL: 0CVE-2014-3504
https://notcve.org/view.php?id=CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Las funciones (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate en Serf 0.2.0 hasta 1.3.x anterior a 1.3.7 no manejan debidamente un byte NUL en un nombre de dominio en el campo del asunto Common Name (CN) de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL arbitrarios a través de un certificado manipulado emitido por una autoridad de certificación legítima. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://secunia.com/advisories/59584 http://secunia.com/advisories/60721 http://ubuntu.com/usn/usn-2315-1 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/69238 https://groups.google.com/forum/#%21topic/serf-dev/NvgPoK6sFsc https://security.gentoo.org/glsa/201610-05 https://subversion.apache.org/security/CVE-2014-3522-advisory.txt •
CVSS: 4.0EPSS: 0%CPEs: 72EXPL: 0CVE-2014-3522
https://notcve.org/view.php?id=CVE-2014-3522
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La capa Serf RA en Apache Subversion 1.4.0 hasta 1.7.x anterior a 1.7.18 y 1.8.x anterior a 1.8.10 no maneja debidamente los comodines (wildcards) en el campo Common Name (CN) o subjectAltName de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60100 http://secunia.com/advisories/60722 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.osvdb.org/109996 http://www.securityfocus.com/bid/69237 http://www.ubuntu.com/usn/USN-2316-1 https://exchange • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 4.0EPSS: 0%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a través de un reino (realm) de la autenticación manipulado. It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-0165.html http://rhn.redhat.com/errata/RHSA-2015-0166.html http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60722 http://subversion.apache.org/security/CVE-2014-3528-advisory.txt http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html ht • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 10%CPEs: 21EXPL: 0CVE-2014-0032 – subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
https://notcve.org/view.php?id=CVE-2014-0032
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. la función get_resource en repos.c en el módulo mod_dav_svn en Apache Subversion anterior a 1.7.15 y 1.8.x anterior a 1.8.6, cuando SVNListParentPath está habilitado, permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con la raíz del servidor y solicitudes diferentes a GET, tal como se ha demostrado con el comando "svn ls http://svn.example.com". • http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502%40reser.org%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf%40ntlworld.com%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA%40mail.gmail.com%3E http://rhn.redhat.com/errata/ • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0CVE-2013-4505
https://notcve.org/view.php?id=CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. La función is_this_legal en mod_dontdothat para Apache Subversion 1.4.0 a 1.7.13 y 1.8.0 a 1.8.4 permite a atacantes remotos sortear restricciones de acceso intencionadas y posiblemente causar denegación de servicio (consumo de recursos) a través de URL relativas en una petición REPORT. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html http://osvdb.org/100364 http://secunia.com/advisories/55855 http://subversion.apache.org/security/CVE-2013-4505-advisory.txt • CWE-264: Permissions, Privileges, and Access Controls •