CVE-2014-3528

high

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

References

Advisories
More

https://support.apple.com/HT204427

http://rhn.redhat.com/errata/RHSA-2015-0166.html

http://rhn.redhat.com/errata/RHSA-2015-0165.html

http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html

http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html

https://security.gentoo.org/glsa/201610-05

http://www.ubuntu.com/usn/USN-2316-1

http://www.securityfocus.com/bid/68995

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://subversion.apache.org/security/CVE-2014-3528-advisory.txt

http://secunia.com/advisories/60722

http://secunia.com/advisories/59584

http://secunia.com/advisories/59432

Details

Source: Mitre, NVD

Published: 2014-08-19

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.03108