CVE-2014-3528
Severity CVSS v4.0: Pending analysis
Type: CWE-255 Credentials Management
Publication date: 19/08/2014
Last modified: 12/04/2025
Description
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
Impact
Base Score 2.0: 4.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2015-0165.html
- http://rhn.redhat.com/errata/RHSA-2015-0166.html
- http://secunia.com/advisories/59432
- http://secunia.com/advisories/59584
- http://secunia.com/advisories/60722
- http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/68995
- http://www.ubuntu.com/usn/USN-2316-1
- https://security.gentoo.org/glsa/201610-05
- https://support.apple.com/HT204427



