CVE-2014-3522

Related Files

Gentoo Linux Security Advisory 201610-05

Posted Oct 12, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2014-0032, CVE-2014-3504, CVE-2014-3522, CVE-2014-3528, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2016-2167, CVE-2016-2168

SHA-256 | 6fc3d8b062f4dd9dd7a5b8d8121065ad62aa138fd8e27bec35dc5e71fb9cd7e8

Download | Favorite | View

Mandriva Linux Security Advisory 2015-085

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-085 - The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via an OPTIONS request. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528

SHA-256 | 01aff36f339d42406e0aae560444ac58ac7a1af4b623272cb7f496e90441e981

Download | Favorite | View

Apple Security Advisory 2015-03-09-4

Posted Mar 10, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof

systems | apple

advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390

SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848

Download | Favorite | View

Ubuntu Security Notice USN-2316-1

Posted Aug 14, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528

SHA-256 | 34a878b1d3886abcc6a12d4b5804a8f3bed05cb128b024c7a2c181220ad326ca

Download | Favorite | View