CVE-2014-3528

Published: 13 Dec 2013
Source: redhat
CVSS2: 2.6

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm.

Report

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | subversion | Will not fix | | |
| Red Hat Enterprise Linux 6 | subversion | Fixed | RHSA-2015:0165 | 10.02.2015 |
| Red Hat Enterprise Linux 7 | subversion | Fixed | RHSA-2015:0166 | 10.02.2015 |

Additional information

Status: Low
Defect: CWE-327->CWE-201
https://bugzilla.redhat.com/show_bug.cgi?id=1125799 subversion: credentials leak via MD5 collision

CVSS2: 2.6 Low

Related vulnerabilities

ubuntu
almost 11 years ago

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

nvd
almost 11 years ago

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

debian
almost 11 years ago

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1 ...

github
more than 3 years ago

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

fstec
almost 11 years ago

Vulnerability in Apache Subversion software that allows a remote attacker to violate the confidentiality and integrity of protected information

CVSS2: 2.6 Low