CVE-2014-3528

Priority
Description
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10
uses an MD5 hash of the URL and authentication realm to store cached
credentials, which makes it easier for remote servers to obtain the
credentials via a crafted authentication realm.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.7.18,1.8.10)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.8.8-1ubuntu3.1])
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1605944 (1.8.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1615193 (1.7.x)
More Information

Updated: 2020-01-29 19:49:42 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)