CVE-2014-3504
Ubuntu Security Notice USN-2315-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
Timeline
- 2014-05-14 CVE Reserved
- 2014-08-14 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
References (9)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/59584 | Third Party Advisory | |
http://secunia.com/advisories/60721 | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/69238 | Vdb Entry | |
https://groups.google.com/forum/#%21topic/serf-dev/NvgPoK6sFsc | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html | 2023-11-07 | |
http://ubuntu.com/usn/usn-2315-1 | 2023-11-07 | |
https://security.gentoo.org/glsa/201610-05 | 2023-11-07 | |
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Subversion | 1.4.0 | - | Affected |
Apache | Subversion | 1.4.1 | - | Affected |
Apache | Subversion | 1.4.2 | - | Affected |
Apache | Subversion | 1.4.3 | - | Affected |
Apache | Subversion | 1.4.4 | - | Affected |
Apache | Subversion | 1.4.5 | - | Affected |
Apache | Subversion | 1.4.6 | - | Affected |
Apache | Subversion | 1.5.0 | - | Affected |
Apache | Subversion | 1.5.1 | - | Affected |
Apache | Subversion | 1.5.2 | - | Affected |
Apache | Subversion | 1.5.3 | - | Affected |
Apache | Subversion | 1.5.4 | - | Affected |
Apache | Subversion | 1.5.5 | - | Affected |
Apache | Subversion | 1.5.6 | - | Affected |
Apache | Subversion | 1.5.7 | - | Affected |
Apache | Subversion | 1.5.8 | - | Affected |
Apache | Subversion | 1.6.0 | - | Affected |
Apache | Subversion | 1.6.1 | - | Affected |
Apache | Subversion | 1.6.2 | - | Affected |
Apache | Subversion | 1.6.3 | - | Affected |
Apache | Subversion | 1.6.4 | - | Affected |
Apache | Subversion | 1.6.5 | - | Affected |
Apache | Subversion | 1.6.6 | - | Affected |
Apache | Subversion | 1.6.7 | - | Affected |
Apache | Subversion | 1.6.8 | - | Affected |
Apache | Subversion | 1.6.9 | - | Affected |
Apache | Subversion | 1.6.10 | - | Affected |
Apache | Subversion | 1.6.11 | - | Affected |
Apache | Subversion | 1.6.12 | - | Affected |
Apache | Subversion | 1.6.13 | - | Affected |
Apache | Subversion | 1.6.14 | - | Affected |
Apache | Subversion | 1.6.15 | - | Affected |
Apache | Subversion | 1.6.16 | - | Affected |
Apache | Subversion | 1.6.17 | - | Affected |
Apache | Subversion | 1.6.18 | - | Affected |
Apache | Subversion | 1.6.19 | - | Affected |
Apache | Subversion | 1.6.20 | - | Affected |
Apache | Subversion | 1.6.21 | - | Affected |
Apache | Subversion | 1.6.23 | - | Affected |
Apache | Subversion | 1.7.0 | - | Affected |
Apache | Subversion | 1.7.1 | - | Affected |
Apache | Subversion | 1.7.2 | - | Affected |
Apache | Subversion | 1.7.3 | - | Affected |
Apache | Subversion | 1.7.4 | - | Affected |
Apache | Subversion | 1.7.5 | - | Affected |
Apache | Subversion | 1.7.6 | - | Affected |
Apache | Subversion | 1.7.7 | - | Affected |
Apache | Subversion | 1.7.8 | - | Affected |
Apache | Subversion | 1.7.9 | - | Affected |
Apache | Subversion | 1.7.10 | - | Affected |
Apache | Subversion | 1.7.11 | - | Affected |
Apache | Subversion | 1.7.12 | - | Affected |
Apache | Subversion | 1.7.13 | - | Affected |
Apache | Subversion | 1.7.14 | - | Affected |
Apache | Subversion | 1.7.15 | - | Affected |
Apache | Subversion | 1.7.16 | - | Affected |
Apache | Subversion | 1.7.17 | - | Affected |
Apache | Subversion | 1.8.0 | - | Affected |
Apache | Subversion | 1.8.1 | - | Affected |
Apache | Subversion | 1.8.2 | - | Affected |
Apache | Subversion | 1.8.3 | - | Affected |
Apache | Subversion | 1.8.4 | - | Affected |
Apache | Subversion | 1.8.5 | - | Affected |
Apache | Subversion | 1.8.6 | - | Affected |
Apache | Subversion | 1.8.7 | - | Affected |
Apache | Subversion | 1.8.8 | - | Affected |
Apache | Subversion | 1.8.9 | - | Affected |
Canonical | Ubuntu Linux | 12.04 | lts | Affected |
Canonical | Ubuntu Linux | 14.04 | lts | Affected |
Serf Project | Serf | 0.2.0 | - | Affected |
Serf Project | Serf | 0.3.0 | - | Affected |
Serf Project | Serf | 0.3.1 | - | Affected |
Serf Project | Serf | 0.4.0 | - | Affected |
Serf Project | Serf | 0.5.0 | - | Affected |
Serf Project | Serf | 0.6.0 | - | Affected |
Serf Project | Serf | 0.6.1 | - | Affected |
Serf Project | Serf | 0.7.0 | - | Affected |
Serf Project | Serf | 0.7.1 | - | Affected |
Serf Project | Serf | 0.7.2 | - | Affected |
Serf Project | Serf | 1.0.0 | - | Affected |
Serf Project | Serf | 1.0.1 | - | Affected |
Serf Project | Serf | 1.0.2 | - | Affected |
Serf Project | Serf | 1.0.3 | - | Affected |
Serf Project | Serf | 1.1.0 | - | Affected |
Serf Project | Serf | 1.1.1 | - | Affected |
Serf Project | Serf | 1.2.0 | - | Affected |
Serf Project | Serf | 1.2.1 | - | Affected |
Serf Project | Serf | 1.3.0 | - | Affected |
Serf Project | Serf | 1.3.1 | - | Affected |
Serf Project | Serf | 1.3.2 | - | Affected |
Serf Project | Serf | 1.3.3 | - | Affected |
Serf Project | Serf | 1.3.4 | - | Affected |
Serf Project | Serf | 1.3.5 | - | Affected |
Serf Project | Serf | 1.3.6 | - | Affected |