CVE-2014-3528

medium

Apache

CVSS v3 Base Score

4.0

AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS Score

3.4%

Exploitation probability in 30 days

Top 13% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

Availability

None

Published: August 19, 2014 (4286 days ago)

Last Modified: May 6, 2026

Vendor: Apache

Source: NVD

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CWE

CWE-255

Affected Products

opensuse opensuseapache subversioncanonical ubuntu linuxapple xcoderedhat enterprise linux desktopredhat enterprise linux hpc noderedhat enterprise linux serverredhat enterprise linux server eusredhat enterprise linux workstation

References

🔗 lists.apple.com 🔗 lists.opensuse.org 🔗 rhn.redhat.com 🔗 rhn.redhat.com 🔗 secunia.com

CVE-2014-3528

Vulnerability Report

Description

CWE

Affected Products

References