VDB

DEBIAN-CVE-2014-3522

DEBIAN-CVE-2014-3522 PUBLISHED

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected Products

VendorProductVersions
Debian:11subversion0, 0, 0
Debian:12subversion0, 0, 0
Debian:14subversion0, 0, 0
Debian:13subversion0, 0, 0

Timeline

  • Aug 19, 2014 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›