CVE-2014-3528
EPSS 3.4%
Description
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
How to fix CVE-2014-3528
To remediate CVE-2014-3528, upgrade the affected package to a fixed version below.
- Debian/subversion—upgrade to 1.8.10-1 or later
Is CVE-2014-3528 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.8.10-1