CVE-2014-3528

high

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

References

https://support.apple.com/HT204427

https://security.gentoo.org/glsa/201610-05

http://www.ubuntu.com/usn/USN-2316-1

http://www.securityfocus.com/bid/68995

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt

http://secunia.com/advisories/60722

http://secunia.com/advisories/59584

http://secunia.com/advisories/59432

http://rhn.redhat.com/errata/RHSA-2015-0166.html

http://rhn.redhat.com/errata/RHSA-2015-0165.html

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

Details

Source: Mitre, NVD

Published: 2014-08-19

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: High