Lucene search

RedhatCVELIST:CVE-2015-3185

HistoryJul 20, 2015 - 11:00 p.m.

CVE-2015-3185

2015-07-2023:00:00

redhat

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.6%

JSON

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

References

httpd.apache.org/security/vulnerabilities_24.html

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

rhn.redhat.com/errata/RHSA-2015-1666.html

rhn.redhat.com/errata/RHSA-2015-1667.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.apache.org/dist/httpd/CHANGES_2.4

www.debian.org/security/2015/dsa-3325

www.securityfocus.com/bid/75965

www.securitytracker.com/id/1032967

www.ubuntu.com/usn/USN-2686-1

access.redhat.com/errata/RHSA-2017:2708

access.redhat.com/errata/RHSA-2017:2709

access.redhat.com/errata/RHSA-2017:2710

github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708

github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73

lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

support.apple.com/HT205217

support.apple.com/HT205219

support.apple.com/kb/HT205031