CVE-2014-3522

Published: Aug 19, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected (72)

Products: Apache: Subversion · Opensuse: Opensuse · Canonical: Ubuntu Linux · +1 more

Show all products

Apache: Subversion · Opensuse: Opensuse · Canonical: Ubuntu Linux · Apple: Xcode

1 product

1 product

1 product

1 product

Configuration A

67 vulnerable

Vulnerable Software	Affected Versions
Apache Subversion	Version 1.4.0
Apache Subversion	Version 1.4.1
Apache Subversion	Version 1.4.2
Apache Subversion	Version 1.4.3
Apache Subversion	Version 1.4.4
Apache Subversion	Version 1.4.5
Apache Subversion	Version 1.4.6
Apache Subversion	Version 1.5.0
Apache Subversion	Version 1.5.1
Apache Subversion	Version 1.5.2
Apache Subversion	Version 1.5.3
Apache Subversion	Version 1.5.4
Apache Subversion	Version 1.5.5
Apache Subversion	Version 1.5.6
Apache Subversion	Version 1.5.7
Apache Subversion	Version 1.5.8
Apache Subversion	Version 1.6.0
Apache Subversion	Version 1.6.10
Apache Subversion	Version 1.6.11
Apache Subversion	Version 1.6.12
Apache Subversion	Version 1.6.13
Apache Subversion	Version 1.6.14
Apache Subversion	Version 1.6.15
Apache Subversion	Version 1.6.16
Apache Subversion	Version 1.6.17
Apache Subversion	Version 1.6.18
Apache Subversion	Version 1.6.19
Apache Subversion	Version 1.6.1
Apache Subversion	Version 1.6.20
Apache Subversion	Version 1.6.21
Apache Subversion	Version 1.6.23
Apache Subversion	Version 1.6.2
Apache Subversion	Version 1.6.3
Apache Subversion	Version 1.6.4
Apache Subversion	Version 1.6.5
Apache Subversion	Version 1.6.6
Apache Subversion	Version 1.6.7
Apache Subversion	Version 1.6.8
Apache Subversion	Version 1.6.9
Apache Subversion	Version 1.7.0
Apache Subversion	Version 1.7.10
Apache Subversion	Version 1.7.11
Apache Subversion	Version 1.7.12
Apache Subversion	Version 1.7.13
Apache Subversion	Version 1.7.14
Apache Subversion	Version 1.7.15
Apache Subversion	Version 1.7.16
Apache Subversion	Version 1.7.17
Apache Subversion	Version 1.7.1
Apache Subversion	Version 1.7.2
Apache Subversion	Version 1.7.3
Apache Subversion	Version 1.7.4
Apache Subversion	Version 1.7.5
Apache Subversion	Version 1.7.6
Apache Subversion	Version 1.7.7
Apache Subversion	Version 1.7.8
Apache Subversion	Version 1.7.9
Apache Subversion	Version 1.8.0
Apache Subversion	Version 1.8.1
Apache Subversion	Version 1.8.2
Apache Subversion	Version 1.8.3
Apache Subversion	Version 1.8.4
Apache Subversion	Version 1.8.5
Apache Subversion	Version 1.8.6
Apache Subversion	Version 1.8.7
Apache Subversion	Version 1.8.8
Apache Subversion	Version 1.8.9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Apple Xcode	Version 6.1.1

Related CWEs

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (30)

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/59432

Source: secalert@redhat.com

http://secunia.com/advisories/59584

Source: secalert@redhat.com

http://secunia.com/advisories/60100

Source: secalert@redhat.com

http://secunia.com/advisories/60722

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

http://www.osvdb.org/109996

Source: secalert@redhat.com

http://www.securityfocus.com/bid/69237

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2316-1

Source: secalert@redhat.com

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95090

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/95311

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201610-05

Source: secalert@redhat.com

https://subversion.apache.org/security/CVE-2014-3522-advisory.txt

Source: secalert@redhat.com

PatchVendor Advisory

https://support.apple.com/HT204427

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/59432

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59584

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60100

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/109996

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69237

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2316-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95090

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/95311

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201610-05

Source: af854a3a-2127-422b-91ae-364da2661108

https://subversion.apache.org/security/CVE-2014-3522-advisory.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://support.apple.com/HT204427

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.