CVE-2014-3528

medium

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

References

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

http://rhn.redhat.com/errata/RHSA-2015-0165.html

http://rhn.redhat.com/errata/RHSA-2015-0166.html

http://secunia.com/advisories/59432

http://secunia.com/advisories/59584

http://secunia.com/advisories/60722

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/68995

http://www.ubuntu.com/usn/USN-2316-1

https://security.gentoo.org/glsa/201610-05

https://support.apple.com/HT204427

Details

Source: MITRE

Published: 2014-08-19

Updated: 2018-10-30

Type: CWE-255

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 4.9

Severity: MEDIUM