Lucene search
UbuntuUSN-2686-1HistoryJul 27, 2015 - 12:00 a.m.
Apache HTTP Server vulnerabilities
2015-07-2700:00:00
ubuntu.com
58
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.6 High
AI Score
Confidence
Low
0.062 Low
EPSS
Percentile
93.6%
Releases
- Ubuntu 15.04
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- apache2 - Apache HTTP server
Details
It was discovered that the Apache HTTP Server incorrectly parsed chunk
headers. A remote attacker could possibly use this issue to perform HTTP
request smuggling attacks. (CVE-2015-3183)
It was discovered that the Apache HTTP Server incorrectly handled the
ap_some_auth_required API. A remote attacker could possibly use this issue
to bypass intended access restrictions. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3185)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.04 | noarch | apache2.2-bin | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2 | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-bin | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-bin-dbgsym | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-data | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-dbg | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-dev | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-doc | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-mpm-event | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-mpm-itk | < 2.4.10-9ubuntu1.1 | UNKNOWN |
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1667)
2015-10-06 00:00:00
CentOS Update for httpd CESA-2015:1667 centos7
2015-08-26 00:00:00
Apache HTTP Server Multiple Vulnerabilities (Aug 2015) - Windows
2015-08-14 00:00:00
nessus
nessus
CentOS 7 : httpd (CESA-2015:1667)
2015-08-26 00:00:00
Tenable SecurityCenter Multiple Apache Vulnerabilities (TNS-2015-11)
2015-08-25 00:00:00
RHEL 7 : httpd (RHSA-2015:1667)
2015-08-25 00:00:00
oraclelinux
oraclelinux
httpd security update
2015-08-24 00:00:00
httpd24-httpd security update
2016-02-04 00:00:00
httpd security update
2015-08-24 00:00:00
redhat
redhat
(RHSA-2015:1667) Moderate: httpd security update
2015-08-24 00:00:00
(RHSA-2015:1666) Moderate: httpd24-httpd security update
2015-08-24 00:00:00
(RHSA-2015:1668) Moderate: httpd security update
2015-08-24 00:00:00
ibm
ibm
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-08-25 16:08:42
httpd, mod_ssl security update
2015-08-24 18:23:20
osv
osv
apache2 - security update
2015-08-01 00:00:00
apache2 - regression update
2015-08-01 00:00:00
apache2 - security update
2015-07-28 00:00:00
debian
debian
[SECURITY] [DSA 3325-1] apache2 security update
2015-08-01 22:04:23
[SECURITY] [DSA 3325-1] apache2 security update
2015-08-01 22:04:23
[SECURITY] [DSA 3325-2] apache2 regression update
2015-08-18 11:39:08
mageia
mageia
Updated apache package fixes security vulnerabilities
2015-07-27 12:53:07
securityvulns
securityvulns
Apache security vulnerabilities
2015-07-20 00:00:00
[slackware-security] httpd (SSA:2015-198-01)
2015-07-20 00:00:00
APPLE-SA-2015-09-16-2 Xcode 7.0
2015-10-05 00:00:00
kaspersky
kaspersky
KLA10640 Multiple vulnerabilities in Apache HTTP Server
2015-07-21 00:00:00
slackware
slackware
[slackware-security] httpd
2015-07-17 20:25:06
archlinux
archlinux
apache: multiple issues
2015-07-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:18:03
Access Restriction Bypass
2019-01-15 09:19:28
HTTP Request Smuggling
2019-01-15 09:07:33
fedora
fedora
[SECURITY] Fedora 22 Update: httpd-2.4.16-1.fc22
2015-07-21 08:12:37
[SECURITY] Fedora 21 Update: httpd-2.4.16-1.fc21
2015-07-30 00:52:03
freebsd
freebsd
apache24 -- multiple vulnerabilities
2015-02-04 00:00:00
apache22 -- chunk header parsing defect
2015-06-24 00:00:00
amazon
amazon
Medium: httpd24
2015-08-17 12:27:00
Medium: httpd
2015-08-17 12:23:00
f5
f5
SOL17236 - Apache HTTP server vulnerability CVE-2015-3185
2015-09-09 00:00:00
K17236 : Apache HTTP server vulnerability CVE-2015-3185
2015-09-10 00:00:00
SOL17251 - Apache vulnerability CVE-2015-3183
2015-09-09 00:00:00
debiancve
debiancve
CVE-2015-3185
2015-07-20 23:59:03
CVE-2015-3183
2015-07-20 23:59:02
cve
cve
CVE-2015-3185
2015-07-20 23:59:03
CVE-2015-3183
2015-07-20 23:59:02
cvelist
cvelist
CVE-2015-3185
2015-07-20 23:00:00
CVE-2015-3183
2015-07-20 23:00:00
nvd
nvd
CVE-2015-3185
2015-07-20 23:59:03
CVE-2015-3183
2015-07-20 23:59:02
prion
prion
Authorization
2015-07-20 23:59:00
Design/Logic Flaw
2015-07-20 23:59:00
httpd
httpd
Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser
2015-04-04 00:00:00
Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser
2015-04-04 00:00:00
Apache Httpd < 2.4.16 : ap_some_auth_required API unusable
2013-08-05 00:00:00
ubuntucve
ubuntucve
gentoo
gentoo
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
2017-06-29 17:41:22
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.6 High
AI Score
Confidence
Low
0.062 Low
EPSS
Percentile
93.6%
Related for USN-2686-1