Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Apache Subversion
Опубликовано:26 августа 2014 г.
Источник:
SecurityVulns ID:13938
Тип:удаленная
Уровень опасности:
6/10
Описание:DoS, утечка информации, проблемы с валидацией сертификата.
Затронутые продукты:APACHE : Subversion 1.8
CVE:CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.)
 CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.)
 CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.)
Оригинальный текстdocumentUBUNTU, [USN-2316-1] Subversion vulnerabilities (26.08.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород