CVE-2014-3522
 
- Severity Score: 4.0 (CVSS v2)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Credits: N/A
Timeline
- 2014-05-14 CVE Reserved
- 2014-08-14 CVE Published
- 2024-03-31 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-297: Improper Validation of Certificate with Host Mismatch
References (15)
URL | Tag |
---|---|
http://secunia.com/advisories/59432 | Third Party Advisory |
http://secunia.com/advisories/59584 | Third Party Advisory |
http://secunia.com/advisories/60100 | Third Party Advisory |
http://secunia.com/advisories/60722 | Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | X_refsource_confirm |
http://www.osvdb.org/109996 | Vdb Entry |
http://www.securityfocus.com/bid/69237 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95090 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95311 | Vdb Entry |
https://support.apple.com/HT204427 | Third Party Advisory |
URL | Date |
---|---|
https://subversion.apache.org/security/CVE-2014-3522-advisory.txt | 2018-10-30 |
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html | 2018-10-30 |
http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html | 2018-10-30 |
http://www.ubuntu.com/usn/USN-2316-1 | 2018-10-30 |
https://security.gentoo.org/glsa/201610-05 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Subversion | 1.4.0 | - | Affected |
Apache | Subversion | 1.4.1 | - | Affected |
Apache | Subversion | 1.4.2 | - | Affected |
Apache | Subversion | 1.4.3 | - | Affected |
Apache | Subversion | 1.4.4 | - | Affected |
Apache | Subversion | 1.4.5 | - | Affected |
Apache | Subversion | 1.4.6 | - | Affected |
Apache | Subversion | 1.5.0 | - | Affected |
Apache | Subversion | 1.5.1 | - | Affected |
Apache | Subversion | 1.5.2 | - | Affected |
Apache | Subversion | 1.5.3 | - | Affected |
Apache | Subversion | 1.5.4 | - | Affected |
Apache | Subversion | 1.5.5 | - | Affected |
Apache | Subversion | 1.5.6 | - | Affected |
Apache | Subversion | 1.5.7 | - | Affected |
Apache | Subversion | 1.5.8 | - | Affected |
Apache | Subversion | 1.6.0 | - | Affected |
Apache | Subversion | 1.6.1 | - | Affected |
Apache | Subversion | 1.6.2 | - | Affected |
Apache | Subversion | 1.6.3 | - | Affected |
Apache | Subversion | 1.6.4 | - | Affected |
Apache | Subversion | 1.6.5 | - | Affected |
Apache | Subversion | 1.6.6 | - | Affected |
Apache | Subversion | 1.6.7 | - | Affected |
Apache | Subversion | 1.6.8 | - | Affected |
Apache | Subversion | 1.6.9 | - | Affected |
Apache | Subversion | 1.6.10 | - | Affected |
Apache | Subversion | 1.6.11 | - | Affected |
Apache | Subversion | 1.6.12 | - | Affected |
Apache | Subversion | 1.6.13 | - | Affected |
Apache | Subversion | 1.6.14 | - | Affected |
Apache | Subversion | 1.6.15 | - | Affected |
Apache | Subversion | 1.6.16 | - | Affected |
Apache | Subversion | 1.6.17 | - | Affected |
Apache | Subversion | 1.6.18 | - | Affected |
Apache | Subversion | 1.6.19 | - | Affected |
Apache | Subversion | 1.6.20 | - | Affected |
Apache | Subversion | 1.6.21 | - | Affected |
Apache | Subversion | 1.6.23 | - | Affected |
Apache | Subversion | 1.7.0 | - | Affected |
Apache | Subversion | 1.7.1 | - | Affected |
Apache | Subversion | 1.7.2 | - | Affected |
Apache | Subversion | 1.7.3 | - | Affected |
Apache | Subversion | 1.7.4 | - | Affected |
Apache | Subversion | 1.7.5 | - | Affected |
Apache | Subversion | 1.7.6 | - | Affected |
Apache | Subversion | 1.7.7 | - | Affected |
Apache | Subversion | 1.7.8 | - | Affected |
Apache | Subversion | 1.7.9 | - | Affected |
Apache | Subversion | 1.7.10 | - | Affected |
Apache | Subversion | 1.7.11 | - | Affected |
Apache | Subversion | 1.7.12 | - | Affected |
Apache | Subversion | 1.7.13 | - | Affected |
Apache | Subversion | 1.7.14 | - | Affected |
Apache | Subversion | 1.7.15 | - | Affected |
Apache | Subversion | 1.7.16 | - | Affected |
Apache | Subversion | 1.7.17 | - | Affected |
Apache | Subversion | 1.8.0 | - | Affected |
Apache | Subversion | 1.8.1 | - | Affected |
Apache | Subversion | 1.8.2 | - | Affected |
Apache | Subversion | 1.8.3 | - | Affected |
Apache | Subversion | 1.8.4 | - | Affected |
Apache | Subversion | 1.8.5 | - | Affected |
Apache | Subversion | 1.8.6 | - | Affected |
Apache | Subversion | 1.8.7 | - | Affected |
Apache | Subversion | 1.8.8 | - | Affected |
Apache | Subversion | 1.8.9 | - | Affected |
Opensuse | Opensuse | 12.3 | - | Affected |
Opensuse | Opensuse | 13.1 | - | Affected |
Canonical | Ubuntu Linux | 12.04 | lts | Affected |
Canonical | Ubuntu Linux | 14.04 | lts | Affected |
Apple | Xcode | 6.1.1 | - | Affected |