{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:12:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2015:1684", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"}, {"name": "RHSA-2015:1667", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205217"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"}, {"name": "APPLE-SA-2015-09-16-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"}, {"name": "RHSA-2017:2709", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2709"}, {"name": "RHSA-2015:1666", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"}, {"name": "1032967", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032967"}, {"name": "USN-2686-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2686-1"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "75965", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75965"}, {"name": "DSA-3325", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3325"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205031"}, {"name": "RHSA-2017:2710", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2710"}, {"name": "APPLE-SA-2015-09-16-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2017:2708", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2708"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3185", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:1684", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708", "refsource": "CONFIRM", "url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"}, {"name": "RHSA-2015:1667", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"}, {"name": "https://support.apple.com/HT205217", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205217"}, {"name": "http://www.apache.org/dist/httpd/CHANGES_2.4", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"}, {"name": "APPLE-SA-2015-09-16-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"}, {"name": "RHSA-2017:2709", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2709"}, {"name": "RHSA-2015:1666", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"}, {"name": "1032967", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032967"}, {"name": "USN-2686-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2686-1"}, {"name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "75965", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75965"}, {"name": "DSA-3325", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3325"}, {"name": "RHSA-2016:2957", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031"}, {"name": "RHSA-2017:2710", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2710"}, {"name": "APPLE-SA-2015-09-16-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"name": "https://support.apple.com/HT205219", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2017:2708", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2708"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"}, {"name": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73", "refsource": "CONFIRM", "url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.678Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:1684", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"}, {"name": "RHSA-2015:1667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205217"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"}, {"name": "APPLE-SA-2015-09-16-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"}, {"name": "RHSA-2017:2709", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2709"}, {"name": "RHSA-2015:1666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"}, {"name": "1032967", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032967"}, {"name": "USN-2686-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2686-1"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "75965", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75965"}, {"name": "DSA-3325", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3325"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT205031"}, {"name": "RHSA-2017:2710", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2710"}, {"name": "APPLE-SA-2015-09-16-4", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2017:2708", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2708"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3185", "datePublished": "2015-07-20T23:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.678Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DFA089AB-AF28-4AE1-AE39-6D1B8192A3DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "EF77159D-505A-475C-A137-4F89D4769B8F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7344422F-F65A-4000-A9EF-8D323DA29011", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8ACDF399-AE56-4130-8686-F8E4C9014DD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versi\u00f3n 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorizaci\u00f3n en lugar de un ajuste de autenticaci\u00f3n lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un m\u00f3dulo que se basa en el comportamiento en la API 2.2."}], "id": "CVE-2015-3185", "lastModified": "2024-11-21T02:28:51.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-20T23:59:03.770", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "secalert@redhat.com", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3325"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75965"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032967"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2686-1"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2708"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2709"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2710"}, {"source": "secalert@redhat.com", "url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"}, {"source": "secalert@redhat.com", "url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://support.apple.com/HT205217"}, {"source": "secalert@redhat.com", "url": "https://support.apple.com/HT205219"}, {"source": "secalert@redhat.com", "url": "https://support.apple.com/kb/HT205031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2686-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT205031"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2710", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-09-13T00:00:00Z"}, {"advisory": "RHSA-2017:2710", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2017-09-13T00:00:00Z"}, {"advisory": "RHSA-2017:2709", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-09-13T00:00:00Z"}, {"advisory": "RHSA-2017:2709", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2017-09-13T00:00:00Z"}, {"advisory": "RHSA-2015:1667", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "httpd-0:2.4.6-31.el7_1.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2015:1666", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "httpd24-httpd-0:2.4.12-4.el6.2", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2015:1666", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "httpd24-httpd-0:2.4.12-4.el6.2", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2015:1666", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "httpd24-httpd-0:2.4.12-4.el6.2", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2015:1666", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "httpd24-httpd-0:2.4.12-6.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2015:1666", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "httpd24-httpd-0:2.4.12-6.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2015-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:2957", "cpe": "cpe:/a:redhat:jboss_core_services:1", "product_name": "Text-Only JBCS", "release_date": "2016-12-15T00:00:00Z"}, {"advisory": "RHSA-2017:2708", "cpe": "cpe:/a:redhat:jboss_core_services:1", "product_name": "Text-Only JBCS", "release_date": "2017-09-13T00:00:00Z"}], "bugzilla": {"description": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4", "id": "1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-287", "details": ["The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.", "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied."], "name": "CVE-2015-3185", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "httpd", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "httpd24", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2015-07-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3185\nhttp://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"], "threat_severity": "Moderate", "upstream_fix": "httpd 2.4.16"}