// For flags

CVE-2014-3504

 

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Las funciones (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate en Serf 0.2.0 hasta 1.3.x anterior a 1.3.7 no manejan debidamente un byte NUL en un nombre de dominio en el campo del asunto Common Name (CN) de un certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL arbitrarios a través de un certificado manipulado emitido por una autoridad de certificación legítima.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-08-14 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.0
Search vendor "Apache" for product "Subversion" and version "1.4.0"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.1
Search vendor "Apache" for product "Subversion" and version "1.4.1"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.2
Search vendor "Apache" for product "Subversion" and version "1.4.2"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.3
Search vendor "Apache" for product "Subversion" and version "1.4.3"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.4
Search vendor "Apache" for product "Subversion" and version "1.4.4"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.5
Search vendor "Apache" for product "Subversion" and version "1.4.5"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.4.6
Search vendor "Apache" for product "Subversion" and version "1.4.6"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.0
Search vendor "Apache" for product "Subversion" and version "1.5.0"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.1
Search vendor "Apache" for product "Subversion" and version "1.5.1"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.2
Search vendor "Apache" for product "Subversion" and version "1.5.2"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.3
Search vendor "Apache" for product "Subversion" and version "1.5.3"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.4
Search vendor "Apache" for product "Subversion" and version "1.5.4"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.5
Search vendor "Apache" for product "Subversion" and version "1.5.5"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.6
Search vendor "Apache" for product "Subversion" and version "1.5.6"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.7
Search vendor "Apache" for product "Subversion" and version "1.5.7"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.5.8
Search vendor "Apache" for product "Subversion" and version "1.5.8"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.0
Search vendor "Apache" for product "Subversion" and version "1.6.0"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.1
Search vendor "Apache" for product "Subversion" and version "1.6.1"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.2
Search vendor "Apache" for product "Subversion" and version "1.6.2"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.3
Search vendor "Apache" for product "Subversion" and version "1.6.3"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.4
Search vendor "Apache" for product "Subversion" and version "1.6.4"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.5
Search vendor "Apache" for product "Subversion" and version "1.6.5"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.6
Search vendor "Apache" for product "Subversion" and version "1.6.6"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.7
Search vendor "Apache" for product "Subversion" and version "1.6.7"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.8
Search vendor "Apache" for product "Subversion" and version "1.6.8"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.9
Search vendor "Apache" for product "Subversion" and version "1.6.9"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.10
Search vendor "Apache" for product "Subversion" and version "1.6.10"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.11
Search vendor "Apache" for product "Subversion" and version "1.6.11"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.12
Search vendor "Apache" for product "Subversion" and version "1.6.12"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.13
Search vendor "Apache" for product "Subversion" and version "1.6.13"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.14
Search vendor "Apache" for product "Subversion" and version "1.6.14"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.15
Search vendor "Apache" for product "Subversion" and version "1.6.15"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.16
Search vendor "Apache" for product "Subversion" and version "1.6.16"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.17
Search vendor "Apache" for product "Subversion" and version "1.6.17"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.18
Search vendor "Apache" for product "Subversion" and version "1.6.18"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.19
Search vendor "Apache" for product "Subversion" and version "1.6.19"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.20
Search vendor "Apache" for product "Subversion" and version "1.6.20"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.21
Search vendor "Apache" for product "Subversion" and version "1.6.21"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.6.23
Search vendor "Apache" for product "Subversion" and version "1.6.23"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.0
Search vendor "Apache" for product "Subversion" and version "1.7.0"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.1
Search vendor "Apache" for product "Subversion" and version "1.7.1"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.2
Search vendor "Apache" for product "Subversion" and version "1.7.2"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.3
Search vendor "Apache" for product "Subversion" and version "1.7.3"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.4
Search vendor "Apache" for product "Subversion" and version "1.7.4"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.5
Search vendor "Apache" for product "Subversion" and version "1.7.5"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.6
Search vendor "Apache" for product "Subversion" and version "1.7.6"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.7
Search vendor "Apache" for product "Subversion" and version "1.7.7"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.8
Search vendor "Apache" for product "Subversion" and version "1.7.8"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.9
Search vendor "Apache" for product "Subversion" and version "1.7.9"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.10
Search vendor "Apache" for product "Subversion" and version "1.7.10"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.11
Search vendor "Apache" for product "Subversion" and version "1.7.11"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.12
Search vendor "Apache" for product "Subversion" and version "1.7.12"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.13
Search vendor "Apache" for product "Subversion" and version "1.7.13"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.14
Search vendor "Apache" for product "Subversion" and version "1.7.14"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.15
Search vendor "Apache" for product "Subversion" and version "1.7.15"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.16
Search vendor "Apache" for product "Subversion" and version "1.7.16"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.7.17
Search vendor "Apache" for product "Subversion" and version "1.7.17"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.0
Search vendor "Apache" for product "Subversion" and version "1.8.0"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.1
Search vendor "Apache" for product "Subversion" and version "1.8.1"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.2
Search vendor "Apache" for product "Subversion" and version "1.8.2"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.3
Search vendor "Apache" for product "Subversion" and version "1.8.3"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.4
Search vendor "Apache" for product "Subversion" and version "1.8.4"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.5
Search vendor "Apache" for product "Subversion" and version "1.8.5"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.6
Search vendor "Apache" for product "Subversion" and version "1.8.6"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.7
Search vendor "Apache" for product "Subversion" and version "1.8.7"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.8
Search vendor "Apache" for product "Subversion" and version "1.8.8"
-
Affected
Apache
Search vendor "Apache"
Subversion
Search vendor "Apache" for product "Subversion"
1.8.9
Search vendor "Apache" for product "Subversion" and version "1.8.9"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.2.0
Search vendor "Serf Project" for product "Serf" and version "0.2.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.3.0
Search vendor "Serf Project" for product "Serf" and version "0.3.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.3.1
Search vendor "Serf Project" for product "Serf" and version "0.3.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.4.0
Search vendor "Serf Project" for product "Serf" and version "0.4.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.5.0
Search vendor "Serf Project" for product "Serf" and version "0.5.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.6.0
Search vendor "Serf Project" for product "Serf" and version "0.6.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.6.1
Search vendor "Serf Project" for product "Serf" and version "0.6.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.7.0
Search vendor "Serf Project" for product "Serf" and version "0.7.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.7.1
Search vendor "Serf Project" for product "Serf" and version "0.7.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
0.7.2
Search vendor "Serf Project" for product "Serf" and version "0.7.2"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.0.0
Search vendor "Serf Project" for product "Serf" and version "1.0.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.0.1
Search vendor "Serf Project" for product "Serf" and version "1.0.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.0.2
Search vendor "Serf Project" for product "Serf" and version "1.0.2"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.0.3
Search vendor "Serf Project" for product "Serf" and version "1.0.3"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.1.0
Search vendor "Serf Project" for product "Serf" and version "1.1.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.1.1
Search vendor "Serf Project" for product "Serf" and version "1.1.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.2.0
Search vendor "Serf Project" for product "Serf" and version "1.2.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.2.1
Search vendor "Serf Project" for product "Serf" and version "1.2.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.0
Search vendor "Serf Project" for product "Serf" and version "1.3.0"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.1
Search vendor "Serf Project" for product "Serf" and version "1.3.1"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.2
Search vendor "Serf Project" for product "Serf" and version "1.3.2"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.3
Search vendor "Serf Project" for product "Serf" and version "1.3.3"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.4
Search vendor "Serf Project" for product "Serf" and version "1.3.4"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.5
Search vendor "Serf Project" for product "Serf" and version "1.3.5"
-
Affected
Serf Project
Search vendor "Serf Project"
Serf
Search vendor "Serf Project" for product "Serf"
1.3.6
Search vendor "Serf Project" for product "Serf" and version "1.3.6"
-
Affected