Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3185

Опубликовано: 20 июл. 2015
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06515
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2015-3185

ubuntu
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

redhat логотип

CVE-2015-3185

CVSS3: 3.7
redhat
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

debian логотип

CVE-2015-3185

debian
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache H ...

github логотип

GHSA-5fv4-m5x3-j32p

github
больше 3 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

fstec логотип

BDU:2015-10929

fstec
около 10 лет назад

Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю обойти существующие ограничения доступа

EPSS

Процентиль: 91%
0.06515
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264