MidnightBSD

Advisories for serf_project

CVE-2014-3504 MEDIUM

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apache subversion 1.6.6
apache subversion 1.6.20
serf_project serf 1.0.2
serf_project serf 0.5.0
apache subversion 1.5.0
apache subversion 1.5.2
serf_project serf 1.3.5
apache subversion 1.6.1
apache subversion 1.8.5
apache subversion 1.5.7
apache subversion 1.7.16
apache subversion 1.7.9
serf_project serf 0.6.1
apache subversion 1.8.0
serf_project serf 1.3.3
apache subversion 1.5.6
apache subversion 1.4.2
apache subversion 1.6.7
apache subversion 1.8.7
apache subversion 1.7.4
apache subversion 1.7.2
serf_project serf 0.3.1
apache subversion 1.5.8
apache subversion 1.6.15
canonical ubuntu_linux 12.04
serf_project serf 1.2.1
apache subversion 1.6.10
serf_project serf 1.0.0
apache subversion 1.6.0
apache subversion 1.6.12
apache subversion 1.6.17
apache subversion 1.4.1
apache subversion 1.7.10
apache subversion 1.8.3
apache subversion 1.8.4
apache subversion 1.6.5
apache subversion 1.4.6
serf_project serf 1.3.2
apache subversion 1.7.5
apache subversion 1.6.8
apache subversion 1.5.5
apache subversion 1.7.8
serf_project serf 1.3.0
serf_project serf 1.3.6
apache subversion 1.8.2
apache subversion 1.5.1
serf_project serf 0.6.0
serf_project serf 1.0.3
apache subversion 1.8.8
apache subversion 1.4.3
apache subversion 1.6.11
apache subversion 1.6.14
apache subversion 1.7.14
apache subversion 1.6.16
apache subversion 1.4.0
serf_project serf 0.7.1
apache subversion 1.7.17
apache subversion 1.4.5
apache subversion 1.7.6
apache subversion 1.6.21
apache subversion 1.6.18
serf_project serf 0.4.0
serf_project serf 0.7.2
apache subversion 1.5.4
apache subversion 1.6.19
serf_project serf 1.0.1
apache subversion 1.5.3
apache subversion 1.7.12
serf_project serf 1.3.1
apache subversion 1.6.3
serf_project serf 1.1.1
apache subversion 1.7.15
apache subversion 1.8.9
canonical ubuntu_linux 14.04
apache subversion 1.6.23
apache subversion 1.7.0
serf_project serf 0.2.0
apache subversion 1.6.13
apache subversion 1.8.6
serf_project serf 0.3.0
apache subversion 1.4.4
apache subversion 1.6.2
apache subversion 1.6.4
apache subversion 1.7.7
apache subversion 1.6.9
apache subversion 1.7.3
apache subversion 1.7.13
apache subversion 1.8.1
serf_project serf 1.2.0
serf_project serf 1.3.4
apache subversion 1.7.11
serf_project serf 0.7.0
apache subversion 1.7.1
serf_project serf 1.1.0