CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 4 (hide)

cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-08-19 18:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-3522

Mitre link : CVE-2014-3522

CVE.ORG link : CVE-2014-3522


JSON object : View

Products Affected

opensuse

  • opensuse

canonical

  • ubuntu_linux

apple

  • xcode

apache

  • subversion
CWE
CWE-297

Improper Validation of Certificate with Host Mismatch