Search for vulnerabilities
Vulnerability details: VCID-crdp-g7p2-byes
Vulnerability ID VCID-crdp-g7p2-byes
Aliases CVE-2014-3577
GHSA-cfh5-3ghh-wfjx
Summary certificate verification bypass
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-347 Improper Verification of Cryptographic Signature
CWE-297 Improper Validation of Certificate with Host Mismatch
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
generic_textual MODERATE http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1146.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1166.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1833.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1834.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1835.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1836.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1891.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1892.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0125.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0158.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0675.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0720.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0765.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0850.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0851.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1176.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1177.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1888.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1773.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1931.html
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3577.json
generic_textual MODERATE https://access.redhat.com/solutions/1165533
epss 0.00442 https://api.first.org/data/v1/epss?cve=CVE-2014-3577
epss 0.01204 https://api.first.org/data/v1/epss?cve=CVE-2014-3577
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Aug/48
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cfh5-3ghh-wfjx
generic_textual MODERATE https://github.com/advisories/GHSA-cfh5-3ghh-wfjx
generic_textual MODERATE https://github.com/apache/httpcomponents-client
generic_textual MODERATE https://github.com/apache/httpcomponents-client/commit/51cc67567765d67f878f0dcef61b5ded454d3122
generic_textual MODERATE https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-3577
archlinux Medium https://security.archlinux.org/AVG-2448
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20231027-0003
generic_textual MODERATE https://svn.apache.org/viewvc?view=revision&revision=1614064
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2021/10/06/1
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2769-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
http://rhn.redhat.com/errata/RHSA-2014-1146.html
http://rhn.redhat.com/errata/RHSA-2014-1166.html
http://rhn.redhat.com/errata/RHSA-2014-1833.html
http://rhn.redhat.com/errata/RHSA-2014-1834.html
http://rhn.redhat.com/errata/RHSA-2014-1835.html
http://rhn.redhat.com/errata/RHSA-2014-1836.html
http://rhn.redhat.com/errata/RHSA-2014-1891.html
http://rhn.redhat.com/errata/RHSA-2014-1892.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0158.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://rhn.redhat.com/errata/RHSA-2015-1177.html
http://rhn.redhat.com/errata/RHSA-2015-1888.html
http://rhn.redhat.com/errata/RHSA-2016-1773.html
http://rhn.redhat.com/errata/RHSA-2016-1931.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3577.json
https://access.redhat.com/solutions/1165533
https://api.first.org/data/v1/epss?cve=CVE-2014-3577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577
http://seclists.org/fulldisclosure/2014/Aug/48
http://secunia.com/advisories/60466
http://secunia.com/advisories/60589
http://secunia.com/advisories/60713
https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-cfh5-3ghh-wfjx
https://github.com/apache/httpcomponents-client
https://github.com/apache/httpcomponents-client/commit/51cc67567765d67f878f0dcef61b5ded454d3122
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2014-3577
https://security.netapp.com/advisory/ntap-20231027-0003
https://svn.apache.org/viewvc?view=revision&revision=1614064
http://www.openwall.com/lists/oss-security/2021/10/06/1
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.osvdb.org/110143
http://www.securityfocus.com/bid/69258
http://www.securitytracker.com/id/1030812
http://www.ubuntu.com/usn/USN-2769-1
1129074 https://bugzilla.redhat.com/show_bug.cgi?id=1129074
758086 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758086
AVG-2448 https://security.archlinux.org/AVG-2448
RHSA-2014:1082 https://access.redhat.com/errata/RHSA-2014:1082
RHSA-2014:1146 https://access.redhat.com/errata/RHSA-2014:1146
RHSA-2014:1162 https://access.redhat.com/errata/RHSA-2014:1162
RHSA-2014:1163 https://access.redhat.com/errata/RHSA-2014:1163
RHSA-2014:1166 https://access.redhat.com/errata/RHSA-2014:1166
RHSA-2014:1320 https://access.redhat.com/errata/RHSA-2014:1320
RHSA-2014:1321 https://access.redhat.com/errata/RHSA-2014:1321
RHSA-2014:1322 https://access.redhat.com/errata/RHSA-2014:1322
RHSA-2014:1323 https://access.redhat.com/errata/RHSA-2014:1323
RHSA-2014:1833 https://access.redhat.com/errata/RHSA-2014:1833
RHSA-2014:1834 https://access.redhat.com/errata/RHSA-2014:1834
RHSA-2014:1835 https://access.redhat.com/errata/RHSA-2014:1835
RHSA-2014:1836 https://access.redhat.com/errata/RHSA-2014:1836
RHSA-2014:1891 https://access.redhat.com/errata/RHSA-2014:1891
RHSA-2014:1892 https://access.redhat.com/errata/RHSA-2014:1892
RHSA-2014:1904 https://access.redhat.com/errata/RHSA-2014:1904
RHSA-2014:2019 https://access.redhat.com/errata/RHSA-2014:2019
RHSA-2014:2020 https://access.redhat.com/errata/RHSA-2014:2020
RHSA-2015:0125 https://access.redhat.com/errata/RHSA-2015:0125
RHSA-2015:0158 https://access.redhat.com/errata/RHSA-2015:0158
RHSA-2015:0234 https://access.redhat.com/errata/RHSA-2015:0234
RHSA-2015:0235 https://access.redhat.com/errata/RHSA-2015:0235
RHSA-2015:0675 https://access.redhat.com/errata/RHSA-2015:0675
RHSA-2015:0720 https://access.redhat.com/errata/RHSA-2015:0720
RHSA-2015:0765 https://access.redhat.com/errata/RHSA-2015:0765
RHSA-2015:0850 https://access.redhat.com/errata/RHSA-2015:0850
RHSA-2015:0851 https://access.redhat.com/errata/RHSA-2015:0851
RHSA-2015:1009 https://access.redhat.com/errata/RHSA-2015:1009
RHSA-2015:1176 https://access.redhat.com/errata/RHSA-2015:1176
RHSA-2015:1177 https://access.redhat.com/errata/RHSA-2015:1177
RHSA-2015:1888 https://access.redhat.com/errata/RHSA-2015:1888
RHSA-2016:1773 https://access.redhat.com/errata/RHSA-2016:1773
RHSA-2016:1931 https://access.redhat.com/errata/RHSA-2016:1931
RHSA-2022:0055 https://access.redhat.com/errata/RHSA-2022:0055
USN-2769-1 https://usn.ubuntu.com/2769-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3577.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.62412
EPSS Score 0.00442
Published At July 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:54:18.792979+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2448 36.1.3