var-201408-0086
Vulnerability from variot

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Supplementary information : CWE Vulnerability type by CWE-297: Improper Validation of Certificate with Host Mismatch ( Improper validation of certificates due to host mismatch ) Has been identified. http://cwe.mitre.org/data/definitions/297.htmlA man-in-the-middle attack can impersonate a server through a crafted certificate. Apache Subversion is prone to an information disclosure vulnerability. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). The vulnerability stems from the fact that the program does not correctly handle the Common Name ( CN) or a wildcard for the subjectAltName field. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:085 http://www.mandriva.com/en/support/security/


Package : subversion Date : March 28, 2015 Affected: Business Server 2.0


Problem Description:

Updated subversion packages fix security vulnerabilities:

The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032).

Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards.

Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528).

A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).

A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528 http://advisories.mageia.org/MGASA-2014-0105.html http://advisories.mageia.org/MGASA-2014-0339.html http://advisories.mageia.org/MGASA-2014-0545.html


Updated Packages:

Mandriva Business Server 2/X86_64: 3c1e67f77228815883b105a8e62a10e0 mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm 35c5f1efb679c09bc48d917b94954713 mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm 56722eb7ac7b08654d795a5981ebd210 mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm e1479d1c61864767d56a147bb4ee9b7f mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm 7c4d79f31b0559c22cc84f39a06f9da0 mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm 14720ab01668a9d04b566d5102c09f68 mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm 07db3a7142457efc1e0547fd40bbf03f mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm 8d0511abbed2c57f505183bf00c4ab0d mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm 8d062f6dd429b87f2b1d432c92e9a84a mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm 31e14a18991a2383065a069d53d3cd4e mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm 1ce1c374c428409e8a6380d64b8706f8 mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm 052411de41e785decc0bc130e2756eff mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm 98c1473e3721e4c9a6996db448c6ff36 mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm 6ad3881116530af4d889bb6c142d70dc mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm 3fb0c871a5771c8fe4c6475b5ac0406c mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm 45e0624a89e4c79d4739cd4eb22d9a29 mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl NaJSaZq4W6qIMwD8fhQF5Ls= =R/mF -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014

subversion vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Subversion.

Software Description: - subversion: Advanced version control system

Details:

Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-3528)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1

Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2316-1 CVE-2014-0032, CVE-2014-3522, CVE-2014-3528

Package Information: https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1 https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4 .


Gentoo Linux Security Advisory GLSA 201610-05


                                       https://security.gentoo.org/

Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05


Synopsis

Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.

Background

Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.

The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages

Description

Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.

Workaround

There is no known workaround at this time.

Resolution

All Subversion users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"

All Serf users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"

References

[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201610-05

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108

Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial

Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "6.2"

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0086",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.8.9"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.17"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.9"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.7.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "1.8.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "1.8.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "1.8.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.11"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.10"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.23"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.21"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.20"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.19"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.18"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.14"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.13"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.12"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.11"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.10"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.8.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.15"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.14"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.13"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.7.12"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.9"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.17"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.16"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.15"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.6.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.5.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.4.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.4.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.7.16"
      },
      {
        "model": "subversion",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.8.x"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "(os x mavericks v10.9.4 or later )"
      },
      {
        "model": "subversion",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.4.0 from  1.7.x"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "12.04 lts"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "14.04 lts"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.7.18"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.8.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.6.22"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.9"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.37"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.36"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.35"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.34"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.33"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.31"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.30"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.29"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.28.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.28.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.28"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.27"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.26"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.25"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.24.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.24.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.24"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.23"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.22.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.22.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.22"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.21"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.20.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.20"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.19"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.18.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.18"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.17.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.17"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.16.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.13.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.13.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.13"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.12"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.11.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.10.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.10.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.4.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.2.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.2.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.2.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.2"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.1.0"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.5"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.4"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.0.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.8"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.7"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.6"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.35.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.33.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.32.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.19.1"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.16"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.15"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.14.3"
      },
      {
        "model": "subversion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.10.0"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "subversion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.8.10"
      },
      {
        "model": "subversion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.7.18"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "69237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:subversion",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:xcode",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Reser",
    "sources": [
      {
        "db": "BID",
        "id": "69237"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3522",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2014-3522",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-71462",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3522",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3522",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201408-233",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71462",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3522",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Supplementary information : CWE Vulnerability type by CWE-297: Improper Validation of Certificate with Host Mismatch ( Improper validation of certificates due to host mismatch ) Has been identified. http://cwe.mitre.org/data/definitions/297.htmlA man-in-the-middle attack can impersonate a server through a crafted certificate. Apache Subversion is prone to an information disclosure vulnerability. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). The vulnerability stems from the fact that the program does not correctly handle the Common Name ( CN) or a wildcard for the subjectAltName field. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2015:085\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : subversion\n Date    : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated subversion packages fix security vulnerabilities:\n \n The mod_dav_svn module in Apache Subversion before 1.8.8, when\n SVNListParentPath is enabled, allows remote attackers to cause a\n denial of service (crash) via an OPTIONS request (CVE-2014-0032). \n \n Ben Reser discovered that Subversion did not correctly validate SSL\n certificates containing wildcards. \n \n Bert Huijben discovered that Subversion did not properly handle\n cached credentials. A malicious server could possibly use this issue\n to obtain credentials cached for a different server (CVE-2014-3528). \n \n A NULL pointer dereference flaw was found in the way mod_dav_svn\n handled REPORT requests. A remote, unauthenticated attacker could\n use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). \n \n A NULL pointer dereference flaw was found in the way mod_dav_svn\n handled URIs for virtual transaction names. A remote, unauthenticated\n attacker could send a request for a virtual transaction name that\n does not exist, causing mod_dav_svn to crash (CVE-2014-8108). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528\n http://advisories.mageia.org/MGASA-2014-0105.html\n http://advisories.mageia.org/MGASA-2014-0339.html\n http://advisories.mageia.org/MGASA-2014-0545.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 3c1e67f77228815883b105a8e62a10e0  mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm\n 35c5f1efb679c09bc48d917b94954713  mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm\n 56722eb7ac7b08654d795a5981ebd210  mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm\n e1479d1c61864767d56a147bb4ee9b7f  mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm\n 7c4d79f31b0559c22cc84f39a06f9da0  mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 14720ab01668a9d04b566d5102c09f68  mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm\n 07db3a7142457efc1e0547fd40bbf03f  mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 8d0511abbed2c57f505183bf00c4ab0d  mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm\n 8d062f6dd429b87f2b1d432c92e9a84a  mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm\n 31e14a18991a2383065a069d53d3cd4e  mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm\n 1ce1c374c428409e8a6380d64b8706f8  mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm\n 052411de41e785decc0bc130e2756eff  mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm\n 98c1473e3721e4c9a6996db448c6ff36  mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm\n 6ad3881116530af4d889bb6c142d70dc  mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm\n 3fb0c871a5771c8fe4c6475b5ac0406c  mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm \n 45e0624a89e4c79d4739cd4eb22d9a29  mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl\nNaJSaZq4W6qIMwD8fhQF5Ls=\n=R/mF\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2316-1\nAugust 14, 2014\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nLieven Govaerts discovered that the Subversion mod_dav_svn module\nincorrectly handled certain request methods when SVNListParentPath was\nenabled. This issue only affected Ubuntu\n12.04 LTS. (CVE-2014-3528)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libsvn1                         1.8.8-1ubuntu3.1\n  subversion                      1.8.8-1ubuntu3.1\n\nUbuntu 12.04 LTS:\n  libapache2-svn                  1.6.17dfsg-3ubuntu3.4\n  libsvn1                         1.6.17dfsg-3ubuntu3.4\n  subversion                      1.6.17dfsg-3ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2316-1\n  CVE-2014-0032, CVE-2014-3522, CVE-2014-3528\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1\n  https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Subversion, Serf: Multiple Vulnerabilities\n     Date: October 11, 2016\n     Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n           #581448, #586046\n       ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-vcs/subversion           \u003c 1.9.4                    \u003e= 1.9.4\n                                                            *\u003e 1.8.16\n  2  net-libs/serf                \u003c 1.3.7                    \u003e= 1.3.7\n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[  1 ] CVE-2014-0032\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[  2 ] CVE-2014-3504\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[  3 ] CVE-2014-3522\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[  4 ] CVE-2014-3528\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[  5 ] CVE-2015-0202\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[  6 ] CVE-2015-0248\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[  7 ] CVE-2015-0251\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[  8 ] CVE-2015-3184\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[  9 ] CVE-2015-3187\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for:  OS X Mavericks v10.9.4 or later\nImpact:  Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription:  The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "BID",
        "id": "69237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "db": "PACKETSTORM",
        "id": "139060"
      },
      {
        "db": "PACKETSTORM",
        "id": "130744"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-71462",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3522",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "69237",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "60722",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "59432",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "60100",
        "trust": 1.8
      },
      {
        "db": "XF",
        "id": "95090",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "59584",
        "trust": 1.2
      },
      {
        "db": "OSVDB",
        "id": "109996",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU90171154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130744",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-71462",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131094",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127874",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139060",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "BID",
        "id": "69237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "db": "PACKETSTORM",
        "id": "139060"
      },
      {
        "db": "PACKETSTORM",
        "id": "130744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "id": "VAR-201408-0086",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:18:13.322000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2014-3522-advisory",
        "trust": 0.8,
        "url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
      },
      {
        "title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
      },
      {
        "title": "HT204427",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT204427"
      },
      {
        "title": "HT204427",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204427"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "title": "USN-2316-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/USN-2316-1/"
      },
      {
        "title": "subversion-1.7.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51250"
      },
      {
        "title": "subversion-1.7.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51249"
      },
      {
        "title": "subversion-1.8.10",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51253"
      },
      {
        "title": "subversion-1.7.18",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51248"
      },
      {
        "title": "subversion-1.8.10",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51252"
      },
      {
        "title": "subversion-1.8.10",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51251"
      },
      {
        "title": "Ubuntu Security Notice: subversion vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2316-1"
      },
      {
        "title": "Apple: Xcode 6.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=28f88d65a83ee45368f37221b1b4ea8f"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-413",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-413"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-297",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/60100"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/69237"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2316-1"
      },
      {
        "trust": 1.8,
        "url": "https://subversion.apache.org/security/cve-2014-3522-advisory.txt"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/59432"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/60722"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/95090"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201610-05"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht204427"
      },
      {
        "trust": 1.2,
        "url": "http://www.osvdb.org/109996"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/59584"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3522"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90171154/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3522"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
      },
      {
        "trust": 0.3,
        "url": "http://subversion.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht204427"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2316-1/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/297.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2316-1/"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0339.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0545.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0032"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0105.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3528"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "BID",
        "id": "69237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "db": "PACKETSTORM",
        "id": "139060"
      },
      {
        "db": "PACKETSTORM",
        "id": "130744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "db": "BID",
        "id": "69237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "db": "PACKETSTORM",
        "id": "139060"
      },
      {
        "db": "PACKETSTORM",
        "id": "130744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "date": "2014-08-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "date": "2014-08-14T00:00:00",
        "db": "BID",
        "id": "69237"
      },
      {
        "date": "2014-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "date": "2015-03-30T21:22:48",
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "date": "2014-08-14T22:50:50",
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "date": "2016-10-12T04:50:20",
        "db": "PACKETSTORM",
        "id": "139060"
      },
      {
        "date": "2015-03-10T16:22:37",
        "db": "PACKETSTORM",
        "id": "130744"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "date": "2014-08-19T18:55:02.640000",
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71462"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3522"
      },
      {
        "date": "2016-10-26T01:16:00",
        "db": "BID",
        "id": "69237"
      },
      {
        "date": "2015-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      },
      {
        "date": "2014-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      },
      {
        "date": "2024-11-21T02:08:17.650000",
        "db": "NVD",
        "id": "CVE-2014-3522"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201408-233"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Subversion of  Serf RA Vulnerability impersonating server in layer",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003864"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "69237"
      }
    ],
    "trust": 0.3
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.