4.3

CVE-2015-3185

EPSS 10.32%
Published 20.07.2015 23:59:03
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

Affected products Warnungen 0 Metrics 2 CWE 0 References 38

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.04

Apache ≫ HTTP Server Version2.4.0

Apache ≫ HTTP Server Version2.4.1

Apache ≫ HTTP Server Version2.4.2

Apache ≫ HTTP Server Version2.4.3

Apache ≫ HTTP Server Version2.4.4

Apache ≫ HTTP Server Version2.4.6

Apache ≫ HTTP Server Version2.4.7

Apache ≫ HTTP Server Version2.4.8

Apache ≫ HTTP Server Version2.4.9

Apache ≫ HTTP Server Version2.4.10

Apache ≫ HTTP Server Version2.4.12

Apache ≫ HTTP Server Version2.4.13

Apple ≫ XCode Version7.0

Apple ≫ macOS X Version10.10.4

Apple ≫ macOS X Server Version5.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.32%	0.929

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

https://support.apple.com/HT205219

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

https://support.apple.com/HT205217

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2015-1666.html

http://www.securitytracker.com/id/1032967

http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

http://www.apache.org/dist/httpd/CHANGES_2.4

http://rhn.redhat.com/errata/RHSA-2015-1667.html

http://www.debian.org/security/2015/dsa-3325

http://www.ubuntu.com/usn/USN-2686-1

http://www.securityfocus.com/bid/75965

https://access.redhat.com/errata/RHSA-2017:2708

https://access.redhat.com/errata/RHSA-2017:2709

https://access.redhat.com/errata/RHSA-2017:2710

https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708

https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73

https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2015-3185

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3185

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3185

EUVD