CVE-2014-3522
First published: Tue Aug 19 2014(Updated: )
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CollabNet Subversion | =1.4.0 | |
| CollabNet Subversion | =1.4.1 | |
| CollabNet Subversion | =1.4.2 | |
| CollabNet Subversion | =1.4.3 | |
| CollabNet Subversion | =1.4.4 | |
| CollabNet Subversion | =1.4.5 | |
| CollabNet Subversion | =1.4.6 | |
| CollabNet Subversion | =1.5.0 | |
| CollabNet Subversion | =1.5.1 | |
| CollabNet Subversion | =1.5.2 | |
| CollabNet Subversion | =1.5.3 | |
| CollabNet Subversion | =1.5.4 | |
| CollabNet Subversion | =1.5.5 | |
| CollabNet Subversion | =1.5.6 | |
| CollabNet Subversion | =1.5.7 | |
| CollabNet Subversion | =1.5.8 | |
| CollabNet Subversion | =1.6.0 | |
| CollabNet Subversion | =1.6.1 | |
| CollabNet Subversion | =1.6.2 | |
| CollabNet Subversion | =1.6.3 | |
| CollabNet Subversion | =1.6.4 | |
| CollabNet Subversion | =1.6.5 | |
| CollabNet Subversion | =1.6.6 | |
| CollabNet Subversion | =1.6.7 | |
| CollabNet Subversion | =1.6.8 | |
| CollabNet Subversion | =1.6.9 | |
| CollabNet Subversion | =1.6.10 | |
| CollabNet Subversion | =1.6.11 | |
| CollabNet Subversion | =1.6.12 | |
| CollabNet Subversion | =1.6.13 | |
| CollabNet Subversion | =1.6.14 | |
| CollabNet Subversion | =1.6.15 | |
| CollabNet Subversion | =1.6.16 | |
| CollabNet Subversion | =1.6.17 | |
| CollabNet Subversion | =1.6.18 | |
| CollabNet Subversion | =1.6.19 | |
| CollabNet Subversion | =1.6.20 | |
| CollabNet Subversion | =1.6.21 | |
| CollabNet Subversion | =1.6.23 | |
| CollabNet Subversion | =1.7.0 | |
| CollabNet Subversion | =1.7.1 | |
| CollabNet Subversion | =1.7.2 | |
| CollabNet Subversion | =1.7.3 | |
| CollabNet Subversion | =1.7.4 | |
| CollabNet Subversion | =1.7.5 | |
| CollabNet Subversion | =1.7.6 | |
| CollabNet Subversion | =1.7.7 | |
| CollabNet Subversion | =1.7.8 | |
| CollabNet Subversion | =1.7.9 | |
| CollabNet Subversion | =1.7.10 | |
| CollabNet Subversion | =1.7.11 | |
| CollabNet Subversion | =1.7.12 | |
| CollabNet Subversion | =1.7.13 | |
| CollabNet Subversion | =1.7.14 | |
| CollabNet Subversion | =1.7.15 | |
| CollabNet Subversion | =1.7.16 | |
| CollabNet Subversion | =1.7.17 | |
| CollabNet Subversion | =1.8.0 | |
| CollabNet Subversion | =1.8.1 | |
| CollabNet Subversion | =1.8.2 | |
| CollabNet Subversion | =1.8.3 | |
| CollabNet Subversion | =1.8.4 | |
| CollabNet Subversion | =1.8.5 | |
| CollabNet Subversion | =1.8.6 | |
| CollabNet Subversion | =1.8.7 | |
| CollabNet Subversion | =1.8.8 | |
| CollabNet Subversion | =1.8.9 | |
| openSUSE | =12.3 | |
| openSUSE | =13.1 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Apple Xcode | =6.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html
- http://secunia.com/advisories/59432
- http://secunia.com/advisories/59584
- http://secunia.com/advisories/60100
- http://secunia.com/advisories/60722
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.osvdb.org/109996
- http://www.securityfocus.com/bid/69237
- http://www.ubuntu.com/usn/USN-2316-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95311
- https://security.gentoo.org/glsa/201610-05
- https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
- https://support.apple.com/HT204427
Frequently Asked Questions
What is the severity of CVE-2014-3522?
CVE-2014-3522 has a medium severity rating due to the potential for man-in-the-middle attacks.
How do I fix CVE-2014-3522?
To fix CVE-2014-3522, upgrade to Apache Subversion version 1.7.18 or later, or 1.8.10 or later.
What types of attacks can CVE-2014-3522 facilitate?
CVE-2014-3522 can facilitate man-in-the-middle attacks that allow attackers to spoof servers via crafted certificates.
Which versions of Apache Subversion are affected by CVE-2014-3522?
CVE-2014-3522 affects Apache Subversion versions 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10.
Is any specific configuration needed to exploit CVE-2014-3522?
Exploitation of CVE-2014-3522 does not require any specific configuration, merely a crafted X.509 certificate.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/collabnet subversion
- version/collabnet subversion/1.4.0
- version/collabnet subversion/1.4.1
- version/collabnet subversion/1.4.2
- version/collabnet subversion/1.4.3
- version/collabnet subversion/1.4.4
- version/collabnet subversion/1.4.5
- version/collabnet subversion/1.4.6
- version/collabnet subversion/1.5.0
- version/collabnet subversion/1.5.1
- version/collabnet subversion/1.5.2
- version/collabnet subversion/1.5.3
- version/collabnet subversion/1.5.4
- version/collabnet subversion/1.5.5
- version/collabnet subversion/1.5.6
- version/collabnet subversion/1.5.7
- version/collabnet subversion/1.5.8
- version/collabnet subversion/1.6.0
- version/collabnet subversion/1.6.1
- version/collabnet subversion/1.6.2
- version/collabnet subversion/1.6.3
- version/collabnet subversion/1.6.4
- version/collabnet subversion/1.6.5
- version/collabnet subversion/1.6.6
- version/collabnet subversion/1.6.7
- version/collabnet subversion/1.6.8
- version/collabnet subversion/1.6.9
- version/collabnet subversion/1.6.10
- version/collabnet subversion/1.6.11
- version/collabnet subversion/1.6.12
- version/collabnet subversion/1.6.13
- version/collabnet subversion/1.6.14
- version/collabnet subversion/1.6.15
- version/collabnet subversion/1.6.16
- version/collabnet subversion/1.6.17
- version/collabnet subversion/1.6.18
- version/collabnet subversion/1.6.19
- version/collabnet subversion/1.6.20
- version/collabnet subversion/1.6.21
- version/collabnet subversion/1.6.23
- version/collabnet subversion/1.7.0
- version/collabnet subversion/1.7.1
- version/collabnet subversion/1.7.2
- version/collabnet subversion/1.7.3
- version/collabnet subversion/1.7.4
- version/collabnet subversion/1.7.5
- version/collabnet subversion/1.7.6
- version/collabnet subversion/1.7.7
- version/collabnet subversion/1.7.8
- version/collabnet subversion/1.7.9
- version/collabnet subversion/1.7.10
- version/collabnet subversion/1.7.11
- version/collabnet subversion/1.7.12
- version/collabnet subversion/1.7.13
- version/collabnet subversion/1.7.14
- version/collabnet subversion/1.7.15
- version/collabnet subversion/1.7.16
- version/collabnet subversion/1.7.17
- version/collabnet subversion/1.8.0
- version/collabnet subversion/1.8.1
- version/collabnet subversion/1.8.2
- version/collabnet subversion/1.8.3
- version/collabnet subversion/1.8.4
- version/collabnet subversion/1.8.5
- version/collabnet subversion/1.8.6
- version/collabnet subversion/1.8.7
- version/collabnet subversion/1.8.8
- version/collabnet subversion/1.8.9
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.3
- version/opensuse/13.1
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- vendor/apple
- canonical/apple xcode
- version/apple xcode/6.1.1