Test ID:	1.3.6.1.4.1.25623.1.0.806858
Category:	General
Title:	Apache Subversion Certificate Validation Information Disclosure Vulnerability
Summary:	Apache Subversion is prone to certificate validation; information disclosure vulnerability.
Description:	Summary: Apache Subversion is prone to certificate validation information disclosure vulnerability. Vulnerability Insight: The flaw is due to an improper validation of certificates with wildcards in them for HTTPS. Vulnerability Impact: Successful exploitation will allow a man in the middle attacker to spoof servers via a crafted certificate. Affected Software/OS: Apache Subversion version 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10. Solution: Update to version 1.7.18, 1.8.10 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3522 http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html BugTraq ID: 69237 http://www.securityfocus.com/bid/69237 https://security.gentoo.org/glsa/201610-05 http://www.osvdb.org/109996 http://secunia.com/advisories/59432 http://secunia.com/advisories/59584 http://secunia.com/advisories/60100 http://secunia.com/advisories/60722 SuSE Security Announcement: openSUSE-SU-2014:1059 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html http://www.ubuntu.com/usn/USN-2316-1 XForce ISS Database: apache-subversion-cve20143522-spoofing(95311) https://exchange.xforce.ibmcloud.com/vulnerabilities/95311 XForce ISS Database: apache-subversion-cve20143528-info-disc(95090) https://exchange.xforce.ibmcloud.com/vulnerabilities/95090
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.