CVE-2014-3522

Currently unrated

Key Information:

Vendor: Apache
Status: Subversion
Vendor: CVE Published:; 19 August 2014

Summary

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References

http://secunia.com/advisories/59432

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-2316-1

vendor-advisoryx_refsource_UBUNTU

https://support.apple.com/HT204427

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 19, 2014
Vulnerability Reserved
May 14, 2014