Improper Wildcard Handling in Apache Subversion by Apache Software Foundation
CVE-2014-3522
Currently unrated
Summary
The Serf RA layer in Apache Subversion versions 1.4.0 to 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of X.509 certificates, creating a risk of man-in-the-middle attacks. An attacker who presents a crafted certificate can masquerade as a legitimate server, potentially compromising sensitive data exchanged between clients and servers.