Improper Handling of NUL Byte in SSL Certificate Common Name Field in Serf by Apache
CVE-2014-3504
Currently unrated
What is CVE-2014-3504?
The Serf library versions 0.2.0 to 1.3.x prior to 1.3.7 improperly handle NUL bytes in the domain name of the Common Name (CN) field within X.509 certificates. This flaw permits man-in-the-middle attackers to impersonate any SSL server by using a crafted certificate that is issued by a trusted Certification Authority. As a result, users may be susceptible to various security threats, including session hijacking and data interception.
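The following C sketch is an added example, not Serf's code. It shows why a CN containing a NUL byte defeats a hostname check that treats the field as a C string, and how a length-aware check rejects it. The function names and the sample CN bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: a CN as decoded from the certificate, i.e. a byte
   buffer with an explicit length, carrying a NUL after the first name. */
static const char sample_cn[] = "www.example.com\0.attacker.test";
static const size_t sample_cn_len = sizeof(sample_cn) - 1;

/* Flawed pattern (hypothetical name): the CN is handled as a C string,
   so the comparison silently stops at the first NUL byte. */
int cn_matches_naive(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the real length of the field is ignored */
    return strcasecmp(cn, host) == 0;
}

/* Length-aware check (hypothetical name): a CN with an embedded NUL is
   never a valid DNS name, so reject it before comparing all cn_len bytes. */
int cn_matches_checked(const char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    if (cn_len != strlen(host))
        return 0;
    return strncasecmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("CN length on the wire: %zu, strlen(): %zu\n",
           sample_cn_len, strlen(sample_cn));
    printf("naive match:   %d\n",
           cn_matches_naive(sample_cn, sample_cn_len, host));
    printf("checked match: %d\n",
           cn_matches_checked(sample_cn, sample_cn_len, host));
    return 0;
}
```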