CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Published: Aug 19, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3528
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:P/I:P/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
opensuse / opensuse	12.3	12.3.x
opensuse / opensuse	13.1	13.1.x
apache / subversion	1.2.0	1.2.0.x
apache / subversion	1.0.4	1.0.4.x
apache / subversion	1.6.10	1.6.10.x
apache / subversion	1.6.19	1.6.19.x
apache / subversion	1.8.2	1.8.2.x
apache / subversion	1.0.8	1.0.8.x
apache / subversion	1.4.5	1.4.5.x
apache / subversion	1.7.3	1.7.3.x
apache / subversion	1.0.2	1.0.2.x
apache / subversion	1.1.2	1.1.2.x
apache / subversion	1.6.20	1.6.20.x
apache / subversion	1.7.17	1.7.17.x
apache / subversion	1.8.0	1.8.0.x
apache / subversion	1.0.9	1.0.9.x
apache / subversion	1.4.2	1.4.2.x
apache / subversion	1.6.2	1.6.2.x
apache / subversion	1.7.1	1.7.1.x
apache / subversion	1.7.11	1.7.11.x
apache / subversion	1.7.16	1.7.16.x
apache / subversion	1.6.18	1.6.18.x
apache / subversion	1.6.16	1.6.16.x
apache / subversion	1.5.5	1.5.5.x
apache / subversion	1.7.4	1.7.4.x
apache / subversion	1.6.21	1.6.21.x
apache / subversion	1.6.5	1.6.5.x
apache / subversion	1.1.1	1.1.1.x
apache / subversion	1.7.6	1.7.6.x
apache / subversion	1.5.3	1.5.3.x
apache / subversion	1.2.3	1.2.3.x
apache / subversion	1.4.0	1.4.0.x
apache / subversion	1.8.1	1.8.1.x
apache / subversion	1.4.4	1.4.4.x
apache / subversion	1.5.7	1.5.7.x
apache / subversion	1.4.6	1.4.6.x
apache / subversion	1.3.1	1.3.1.x
apache / subversion	1.8.9	1.8.9.x
apache / subversion	1.7.9	1.7.9.x
apache / subversion	1.7.12	1.7.12.x
apache / subversion	1.6.3	1.6.3.x
apache / subversion	1.6.8	1.6.8.x
apache / subversion	1.7.10	1.7.10.x
apache / subversion	1.8.5	1.8.5.x
apache / subversion	1.6.13	1.6.13.x
apache / subversion	1.7.7	1.7.7.x
apache / subversion	1.0.3	1.0.3.x
apache / subversion	1.6.0	1.6.0.x
apache / subversion	1.1.4	1.1.4.x
apache / subversion	1.5.8	1.5.8.x
apache / subversion	1.5.2	1.5.2.x
apache / subversion	1.0.6	1.0.6.x
apache / subversion	1.6.7	1.6.7.x
apache / subversion	1.0.1	1.0.1.x
apache / subversion	1.3.2	1.3.2.x
apache / subversion	1.6.12	1.6.12.x
apache / subversion	1.8.6	1.8.6.x
apache / subversion	1.7.2	1.7.2.x
apache / subversion	1.0.5	1.0.5.x
apache / subversion	1.6.1	1.6.1.x
apache / subversion	1.6.4	1.6.4.x
apache / subversion	1.7.13	1.7.13.x
apache / subversion	1.2.1	1.2.1.x
apache / subversion	1.8.4	1.8.4.x
apache / subversion	1.6.23	1.6.23.x
apache / subversion	1.8.3	1.8.3.x
apache / subversion	1.7.8	1.7.8.x
apache / subversion	1.4.3	1.4.3.x
apache / subversion	1.8.7	1.8.7.x
apache / subversion	1.6.15	1.6.15.x
apache / subversion	1.5.4	1.5.4.x
apache / subversion	1.3.0	1.3.0.x
apache / subversion	1.7.14	1.7.14.x
apache / subversion	1.6.11	1.6.11.x
apache / subversion	1.1.3	1.1.3.x
apache / subversion	1.2.2	1.2.2.x
apache / subversion	1.7.5	1.7.5.x
apache / subversion	1.6.14	1.6.14.x
apache / subversion	1.1.0	1.1.0.x
apache / subversion	1.5.1	1.5.1.x
apache / subversion	1.7.15	1.7.15.x
apache / subversion	1.6.17	1.6.17.x
apache / subversion	1.5.6	1.5.6.x
apache / subversion	1.0.7	1.0.7.x
apache / subversion	1.5.0	1.5.0.x
apache / subversion	1.0.0	1.0.0.x
apache / subversion	1.6.6	1.6.6.x
apache / subversion	1.6.9	1.6.9.x
apache / subversion	1.4.1	1.4.1.x
apache / subversion	1.8.8	1.8.8.x
apache / subversion	1.7.0	1.7.0.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x
apple / xcode	6.1.1	6.1.1.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server_eus	6.6.z	6.6.z.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_hpc_node	6.0	6.0.x
redhat / enterprise_linux_hpc_node	7.0	7.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x

Vulnerability Database

289,599

CVE-2014-3528