CVE-2014-3522
Description
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Risk Information
Base Score: 7.4 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score (Exploitation Probability): 2.619
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-3522,CVE-2014-3528,CVE-2014-3580,CVE-2014-8108 are affected in Command Line Tools for XCode for Mac 6.1.1 | Mac |
| Multiple Vulnerabilities are affected in Command Line Tools for XCode for Mac 6.1.1 | Mac |
| Advanced version control system (USN-2316-1) libsvn1_1.8.8-1ubuntu3.2_i386.deb | Linux |
| Advanced version control system (USN-2316-1) libsvn1_1.8.8-1ubuntu3.2_amd64.deb | Linux |
| Advanced version control system (USN-2316-1) subversion_1.8.8-1ubuntu3.2_i386.deb | Linux |
| Advanced version control system (USN-2316-1) subversion_1.8.8-1ubuntu3.2_amd64.deb | Linux |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-607901 | Command Line Tools for XCode for Mac 15.3 (Deployment-Only) |