Описание
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.10-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.8.8-1ubuntu3.1]] |
| lucid | ignored | end of life |
| precise | released | 1.6.17dfsg-3ubuntu3.4 |
| trusty | released | 1.8.8-1ubuntu3.1 |
| trusty/esm | DNE | trusty was released [1.8.8-1ubuntu3.1] |
| upstream | released | 1.7.10,1.8.10 |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7. ...
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Уязвимость программного обеспечения Apache Subversion, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации
EPSS
4 Medium
CVSS2