Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
Info
| Bugtraq ID: | 69237 |
| Class: | Design Error |
| CVE: | CVE-2014-3522 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2014 12:00AM |
| Updated: | Oct 26 2016 01:16AM |
| Credit: | Ben Reser |
| Vulnerable: | Ubuntu Ubuntu Linux 14.04 LTS, Ubuntu Ubuntu Linux 12.04 LTS i386, Ubuntu Ubuntu Linux 12.04 LTS amd64, Ubuntu Ubuntu Linux 12.04 LTS, Gentoo Linux, Apple Xcode 6.0.1, Apple Xcode 2.4.1, Apple Xcode 6.0, Apple Xcode 5.0, Apple Xcode 4.4, Apple Xcode 4.3.3, Apple Xcode 4.3.2, Apple Xcode 4.3.1, Apple Xcode 4.3, Apple Xcode 4.2.1, Apple Xcode 4.2, Apple Xcode 4.1.1, Apple Xcode 4.0.2, Apple Xcode 4.0.1, Apple Xcode 3.2.5, Apple Xcode 3.2.4, Apple Xcode 3.2.3, Apple Xcode 3.2.2, Apple Xcode 3.2.1, Apple Xcode 3.1.4, Apple Xcode 3.1.3, Apple Xcode 3.1.2, Apple Xcode 3.1.1, Apple Xcode 3.1, Apple Xcode 3.0, Apple Xcode 2.3, Apple Xcode 2.2, Apple Xcode 2.1, Apple Xcode 2.0, Apache Subversion 1.8.9, Apache Subversion 1.8.5, Apache Subversion 1.8.1, Apache Subversion 1.8, Apache Subversion 1.7.17, Apache Subversion 1.7.11, Apache Subversion 1.7.10, Apache Subversion 1.7.1, Apache Subversion 1.7, Apache Subversion 1.6.23, Apache Subversion 1.6.22, Apache Subversion 1.6.21, Apache Subversion 1.6.20, Apache Subversion 1.6.19, Apache Subversion 1.6.18, Apache Subversion 1.6.14, Apache Subversion 1.6.13, Apache Subversion 1.6.12, Apache Subversion 1.6.11, Apache Subversion 1.6.10, Apache Subversion 1.6.6, Apache Subversion 1.6.5, Apache Subversion 1.6.3, Apache Subversion 1.6.2, Apache Subversion 1.5.8, Apache Subversion 1.5.7, Apache Subversion 1.5.5, Apache Subversion 1.5.4, Apache Subversion 1.5.2, Apache Subversion 1.5.1, Apache Subversion 1.4.6, Apache Subversion 1.3.2, Apache Subversion 1.0.9, Apache Subversion 1.0.8, Apache Subversion 1.0.7, Apache Subversion 1.0.6, Apache Subversion 1.0.2, Apache Subversion 0.37, Apache Subversion 0.36, Apache Subversion 0.35, Apache Subversion 0.34, Apache Subversion 0.33, Apache Subversion 0.31, Apache Subversion 0.30, Apache Subversion 0.29, Apache Subversion 0.28.2, Apache Subversion 0.28.1, Apache Subversion 0.28, Apache Subversion 0.27, Apache Subversion 0.26, Apache Subversion 0.25, Apache Subversion 0.24.2, Apache Subversion 0.24.1, Apache Subversion 0.24, Apache Subversion 0.23, Apache Subversion 0.22.2, Apache Subversion 0.22.1, Apache Subversion 0.22, Apache Subversion 0.21, Apache Subversion 0.20.1, Apache Subversion 0.20, Apache Subversion 0.19, Apache Subversion 0.18.1, Apache Subversion 0.18, Apache Subversion 0.17.1, Apache Subversion 0.17, Apache Subversion 0.16.1, Apache Subversion 0.14.5, Apache Subversion 0.14.4, Apache Subversion 0.14.2, Apache Subversion 0.14.1, Apache Subversion 0.14, Apache Subversion 0.13.2, Apache Subversion 0.13.1, Apache Subversion 0.13, Apache Subversion 0.12, Apache Subversion 0.11.1, Apache Subversion 0.10.2, Apache Subversion 0.10.1, Apache Subversion 0.4.2, Apache Subversion 1.8.6, Apache Subversion 1.8.4, Apache Subversion 1.8.3, Apache Subversion 1.8.2, Apache Subversion 1.7.9, Apache Subversion 1.7.8, Apache Subversion 1.7.7, Apache Subversion 1.7.6, Apache Subversion 1.7.5, Apache Subversion 1.7.4, Apache Subversion 1.7.3, Apache Subversion 1.7.2, Apache Subversion 1.7.15, Apache Subversion 1.7.14, Apache Subversion 1.7.13, Apache Subversion 1.7.12, Apache Subversion 1.6.9, Apache Subversion 1.6.8, Apache Subversion 1.6.7, Apache Subversion 1.6.4, Apache Subversion 1.6.17, Apache Subversion 1.6.16, Apache Subversion 1.6.15, Apache Subversion 1.6.1, Apache Subversion 1.6.0, Apache Subversion 1.5.6, Apache Subversion 1.5.3, Apache Subversion 1.5.0, Apache Subversion 1.4.5, Apache Subversion 1.4.4, Apache Subversion 1.4.2, Apache Subversion 1.4.1, Apache Subversion 1.4.0, Apache Subversion 1.3.1, Apache Subversion 1.3.0, Apache Subversion 1.2.3, Apache Subversion 1.2.2, Apache Subversion 1.2.1, Apache Subversion 1.1.4, Apache Subversion 1.1.3, Apache Subversion 1.1.2, Apache Subversion 1.1.1, Apache Subversion 1.1.0, Apache Subversion 1.0.5, Apache Subversion 1.0.4, Apache Subversion 1.0.3, Apache Subversion 1.0.1, Apache Subversion 0.9, Apache Subversion 0.8, Apache Subversion 0.7, Apache Subversion 0.6, Apache Subversion 0.35.1, Apache Subversion 0.33.1, Apache Subversion 0.32.1, Apache Subversion 0.19.1, Apache Subversion 0.16, Apache Subversion 0.15, Apache Subversion 0.14.3, Apache Subversion 0.10.0 |
| Not Vulnerable: | Apple Xcode 6.2, Apache Subversion 1.8.10, Apache Subversion 1.7.18 |
Discussion
Apache Subversion is prone to an information disclosure vulnerability.
An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Apache Subversion Homepage (Apache Software Foundation)
- subversion: incorrect SSL certificate validation in Serf RA (repository access) (Red Hat)
- About the security content of Xcode 6.2 (Apple)
- USN-2316-1: Subversion vulnerabilities (Ubuntu)