CVE-2014-3528
Low
CVSS Score
Vulnerability Description
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
Known Affected Software
103 configuration(s) from 5 vendor(s)
subversion
Version:
1.8.4
CPE:
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
subversion
Version:
1.8.9
CPE:
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
subversion
Version:
1.1.1
CPE:
cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
subversion
Version:
1.2.1
CPE:
cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
subversion
Version:
1.8.8
CPE:
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
subversion
Version:
1.3.1
CPE:
cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
subversion
Version:
1.6.1
CPE:
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
subversion
Version:
1.6.14
CPE:
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
subversion
Version:
1.0.8
CPE:
cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
subversion
Version:
1.6.0
CPE:
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
subversion
Version:
1.7.5
CPE:
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
subversion
Version:
1.8.2
CPE:
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
subversion
Version:
1.5.2
CPE:
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
subversion
Version:
1.6.9
CPE:
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
subversion
Version:
1.6.3
CPE:
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
subversion
Version:
1.4.3
CPE:
cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
subversion
Version:
1.6.4
CPE:
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
subversion
Version:
1.7.11
CPE:
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
subversion
Version:
1.6.6
CPE:
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
subversion
Version:
1.7.13
CPE:
cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
subversion
Version:
1.8.5
CPE:
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
subversion
Version:
1.4.6
CPE:
cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
subversion
Version:
1.8.0
CPE:
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
subversion
Version:
1.4.0
CPE:
cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
subversion
Version:
1.6.10
CPE:
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
subversion
Version:
1.7.17
CPE:
cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
subversion
Version:
1.0.0
CPE:
cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
subversion
Version:
1.4.2
CPE:
cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
subversion
Version:
1.4.1
CPE:
cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
subversion
Version:
1.0.7
CPE:
cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
subversion
Version:
1.6.19
CPE:
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
subversion
Version:
1.6.11
CPE:
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
subversion
Version:
1.8.6
CPE:
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
subversion
Version:
1.5.3
CPE:
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
subversion
Version:
1.6.17
CPE:
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
subversion
Version:
1.1.3
CPE:
cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
subversion
Version:
1.2.2
CPE:
cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
subversion
Version:
1.6.23
CPE:
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
subversion
Version:
1.6.15
CPE:
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
subversion
Version:
1.6.8
CPE:
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
subversion
Version:
1.7.8
CPE:
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
subversion
Version:
1.6.7
CPE:
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
subversion
Version:
1.8.3
CPE:
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
subversion
Version:
1.6.5
CPE:
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
subversion
Version:
1.7.0
CPE:
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
subversion
Version:
1.6.2
CPE:
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
subversion
Version:
1.4.5
CPE:
cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
subversion
Version:
1.0.1
CPE:
cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
subversion
Version:
1.7.12
CPE:
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
subversion
Version:
1.7.14
CPE:
cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
subversion
Version:
1.2.0
CPE:
cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
subversion
Version:
1.0.4
CPE:
cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
subversion
Version:
1.4.4
CPE:
cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
subversion
Version:
1.0.5
CPE:
cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
subversion
Version:
1.0.2
CPE:
cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
subversion
Version:
1.6.20
CPE:
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
subversion
Version:
1.8.7
CPE:
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
subversion
Version:
1.3.2
CPE:
cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
subversion
Version:
1.7.10
CPE:
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
subversion
Version:
1.0.6
CPE:
cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
subversion
Version:
1.6.13
CPE:
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
subversion
Version:
1.7.2
CPE:
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
subversion
Version:
1.7.4
CPE:
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
subversion
Version:
1.1.4
CPE:
cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
subversion
Version:
1.0.3
CPE:
cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
subversion
Version:
1.5.5
CPE:
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
subversion
Version:
1.7.15
CPE:
cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
subversion
Version:
1.5.1
CPE:
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
subversion
Version:
1.6.12
CPE:
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
subversion
Version:
1.7.3
CPE:
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
subversion
Version:
1.5.8
CPE:
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
subversion
Version:
1.2.3
CPE:
cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
subversion
Version:
1.0.9
CPE:
cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
subversion
Version:
1.5.7
CPE:
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
subversion
Version:
1.1.2
CPE:
cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
subversion
Version:
1.8.1
CPE:
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
subversion
Version:
1.6.21
CPE:
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
subversion
Version:
1.5.0
CPE:
cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
subversion
Version:
1.7.16
CPE:
cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
subversion
Version:
1.3.0
CPE:
cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
subversion
Version:
1.6.16
CPE:
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
subversion
Version:
1.5.4
CPE:
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
subversion
Version:
1.7.6
CPE:
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
subversion
Version:
1.6.18
CPE:
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
subversion
Version:
1.7.7
CPE:
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
subversion
Version:
1.5.6
CPE:
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
subversion
Version:
1.7.1
CPE:
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
subversion
Version:
1.1.0
CPE:
cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
subversion
Version:
1.7.9
CPE:
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
ubuntu_linux
Version:
14.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
12.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
opensuse
Version:
12.3
CPE:
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
opensuse
Version:
13.1
CPE:
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
enterprise_linux_workstation
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_eus
Version:
6.6.z
CPE:
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
enterprise_linux_server
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_hpc_node
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
enterprise_linux_hpc_node
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
enterprise_linux_server
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
enterprise_linux_desktop
Version:
7.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
enterprise_linux_desktop
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 103 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html (secalert@redhat.com; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0165.html (secalert@redhat.com; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0166.html (secalert@redhat.com; Third Party Advisory)
- http://secunia.com/advisories/59432 (secalert@redhat.com)
- http://secunia.com/advisories/59584 (secalert@redhat.com)
- http://secunia.com/advisories/60722 (secalert@redhat.com)
- http://subversion.apache.org/security/CVE-2014-3528-advisory.txt (secalert@redhat.com; Vendor Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (secalert@redhat.com)
- http://www.securityfocus.com/bid/68995 (secalert@redhat.com)
- http://www.ubuntu.com/usn/USN-2316-1 (secalert@redhat.com; Vendor Advisory)
- https://security.gentoo.org/glsa/201610-05 (secalert@redhat.com)
- https://support.apple.com/HT204427 (secalert@redhat.com; Third Party Advisory)
Severity Details
out of 10.0
Low
Key Information
- Published Date: August 19, 2014
