{
  "threat_severity" : "Moderate",
  "public_date" : "2014-08-11T00:00:00Z",
  "bugzilla" : {
    "description" : "subversion: incorrect SSL certificate validation in Serf RA (repository access) layer",
    "id" : "1127063",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127063"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-295",
  "details" : [ "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." ],
  "statement" : "Not vulnerable. This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5, 6, and 7, as they do not use the Serf RA layer.",
  "acknowledgement" : "Red Hat would like to thank the Subversion project for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "subversion",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3522\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3522\nhttp://subversion.apache.org/security/CVE-2014-3522-advisory.txt" ],
  "name" : "CVE-2014-3522",
  "csaw" : false
}