var-201408-0079
Vulnerability from variot
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032)
Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522)
Bert Huijben discovered that Subversion did not properly handle cached credentials. (CVE-2014-3528)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4
In general, a standard system update will make all the necessary changes.
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. 6) - i386, noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-3528)
Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm
s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_0.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108
Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2". The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUBaOGmqjQ0CJFipgRAk32AKDCwQsio9x3WrZnKNy1MOf5LDvJ3gCgtS3Q ct3IdlMq1mqCiZSzQ2T4hcg= =M9D+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6.z"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.4.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.x"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.4 or later )"
},
{
"model": "subversion",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "1.0.0 from 1.7.x"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "12.04 lts"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bert Huijben",
"sources": [
{
"db": "BID",
"id": "68995"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3528",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-71468",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3528",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71468",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3528",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). ============================================================================\nUbuntu Security Notice USN-2316-1\nAugust 14, 2014\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nLieven Govaerts discovered that the Subversion mod_dav_svn module\nincorrectly handled certain request methods when SVNListParentPath was\nenabled. This issue only affected Ubuntu\n12.04 LTS. (CVE-2014-0032)\n\nBen Reser discovered that Subversion did not correctly validate SSL\ncertificates containing wildcards. A remote attacker could exploit this to\nperform a man in the middle attack to view sensitive information or alter\nencrypted communications. (CVE-2014-3522)\n\nBert Huijben discovered that Subversion did not properly handle cached\ncredentials. (CVE-2014-3528)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libsvn1 1.8.8-1ubuntu3.1\n subversion 1.8.8-1ubuntu3.1\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.4\n libsvn1 1.6.17dfsg-3ubuntu3.4\n subversion 1.6.17dfsg-3ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. 6) - i386, noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:0166-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html\nIssue date: 2015-02-10\nCVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. \n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nhandled REPORT requests. A remote, unauthenticated attacker could use a\nspecially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nhandled certain requests for URIs that trigger a lookup of a virtual\ntransaction name. A remote, unauthenticated attacker could send a request\nfor a virtual transaction name that does not exist, causing mod_dav_svn to\ncrash. (CVE-2014-3528)\n\nRed Hat would like to thank the Subversion project for reporting\nCVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of\nVisualSVN as the original reporter. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision\n1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests\n1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_0.ppc64.rpm\nsubversion-1.7.14-7.el7_0.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc.rpm\nsubversion-libs-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_0.s390x.rpm\nsubversion-1.7.14-7.el7_0.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-libs-1.7.14-7.el7_0.s390.rpm\nsubversion-libs-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc.rpm\nsubversion-devel-1.7.14-7.el7_0.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_0.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc.rpm\nsubversion-kde-1.7.14-7.el7_0.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc.rpm\nsubversion-perl-1.7.14-7.el7_0.ppc64.rpm\nsubversion-python-1.7.14-7.el7_0.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_0.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_0.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.s390x.rpm\nsubversion-devel-1.7.14-7.el7_0.s390.rpm\nsubversion-devel-1.7.14-7.el7_0.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390.rpm\nsubversion-gnome-1.7.14-7.el7_0.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390.rpm\nsubversion-javahl-1.7.14-7.el7_0.s390x.rpm\nsubversion-kde-1.7.14-7.el7_0.s390.rpm\nsubversion-kde-1.7.14-7.el7_0.s390x.rpm\nsubversion-perl-1.7.14-7.el7_0.s390.rpm\nsubversion-perl-1.7.14-7.el7_0.s390x.rpm\nsubversion-python-1.7.14-7.el7_0.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390.rpm\nsubversion-ruby-1.7.14-7.el7_0.s390x.rpm\nsubversion-tools-1.7.14-7.el7_0.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_0.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_0.x86_64.rpm\nsubversion-1.7.14-7.el7_0.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_0.i686.rpm\nsubversion-libs-1.7.14-7.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_0.i686.rpm\nsubversion-devel-1.7.14-7.el7_0.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_0.i686.rpm\nsubversion-gnome-1.7.14-7.el7_0.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_0.i686.rpm\nsubversion-javahl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_0.i686.rpm\nsubversion-kde-1.7.14-7.el7_0.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_0.i686.rpm\nsubversion-perl-1.7.14-7.el7_0.x86_64.rpm\nsubversion-python-1.7.14-7.el7_0.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_0.i686.rpm\nsubversion-ruby-1.7.14-7.el7_0.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3528\nhttps://access.redhat.com/security/cve/CVE-2014-3580\nhttps://access.redhat.com/security/cve/CVE-2014-8108\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2014-3528-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-3580-advisory.txt\nhttps://subversion.apache.org/security/CVE-2014-8108-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll\nKM6EsnQkXd09uLTe1k+tQaU=\n=CuZg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThese issues were addressed by updating Apache Subversion to version\n1.7.19. \nCVE-ID\nCVE-2014-3522\nCVE-2014-3528\nCVE-2014-3580\nCVE-2014-8108\n\nGit\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Synching with a malicious git repository may allow\nunexpected files to be added to the .git folder\nDescription: The checks involved in disallowed paths did not account\nfor case insensitivity or unicode characters. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\". The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUBaOGmqjQ0CJFipgRAk32AKDCwQsio9x3WrZnKNy1MOf5LDvJ3gCgtS3Q\nct3IdlMq1mqCiZSzQ2T4hcg=\n=M9D+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71468",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3528",
"trust": 3.5
},
{
"db": "BID",
"id": "68995",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "60722",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59432",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59584",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130344",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128073",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130349",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71468",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3528",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"id": "VAR-201408-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:42:10.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2014-3528-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"title": "APPLE-SA-2015-03-09-4 Xcode 6.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"title": "HT204427",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204427"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "RHSA-2015:0165 ",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"title": "RHSA-2015:0166 ",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"title": "USN-2316-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-2316-1"
},
{
"title": "Red Hat: Moderate: subversion security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150165 - security advisory"
},
{
"title": "Red Hat: Moderate: subversion security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150166 - security advisory"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2316-1"
},
{
"title": "Apple: Xcode 6.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=28f88d65a83ee45368f37221b1b4ea8f"
},
{
"title": "Red Hat: CVE-2014-3528",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3528"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://subversion.apache.org/security/cve-2014-3528-advisory.txt"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/68995"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2316-1"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/59432"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/60722"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0165.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0166.html"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00003.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht204427"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/59584"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3528"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3528"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-3528"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2014/q3/273"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht204427"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3580"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2014-3580-advisory.txt"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:0165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2316-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2014-8108-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9390"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0338.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71468"
},
{
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"db": "BID",
"id": "68995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "PACKETSTORM",
"id": "130744"
},
{
"db": "PACKETSTORM",
"id": "128073"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71468"
},
{
"date": "2014-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"date": "2014-08-01T00:00:00",
"db": "BID",
"id": "68995"
},
{
"date": "2014-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"date": "2014-08-14T22:50:50",
"db": "PACKETSTORM",
"id": "127874"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-02-11T01:52:08",
"db": "PACKETSTORM",
"id": "130349"
},
{
"date": "2015-02-11T01:49:16",
"db": "PACKETSTORM",
"id": "130344"
},
{
"date": "2015-03-10T16:22:37",
"db": "PACKETSTORM",
"id": "130744"
},
{
"date": "2014-09-02T20:16:50",
"db": "PACKETSTORM",
"id": "128073"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"date": "2014-08-19T18:55:02.687000",
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71468"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3528"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "68995"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003865"
},
{
"date": "2014-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-080"
},
{
"date": "2018-10-30T16:27:34.687000",
"db": "NVD",
"id": "CVE-2014-3528"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "127874"
},
{
"db": "PACKETSTORM",
"id": "130349"
},
{
"db": "PACKETSTORM",
"id": "130344"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion Vulnerabilities in which credentials are obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-080"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.