Unrated severityNVD Advisory· Published Aug 19, 2014· Updated May 6, 2026

CVE-2014-3528

Description

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

Affected products

103

Apache/Subversion89 versions
cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*+ 88 more
- cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
Apple Inc./Xcode
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Hpc Node2 versions
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Mar/msg00003.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2014-08/msg00038.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0165.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0166.htmlnvdThird Party Advisory
subversion.apache.org/security/CVE-2014-3528-advisory.txtnvdVendor Advisory
www.ubuntu.com/usn/USN-2316-1nvdVendor Advisory
support.apple.com/HT204427nvdThird Party Advisory
secunia.com/advisories/59432nvd
secunia.com/advisories/59584nvd
secunia.com/advisories/60722nvd
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlnvd
www.securityfocus.com/bid/68995nvd
security.gentoo.org/glsa/201610-05nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000