Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-3185

Опубликовано: 20 июл. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

РелизСтатусПримечание
devel

released

2.4.12-2ubuntu2
esm-infra-legacy/trusty

released

2.4.7-1ubuntu4.5
precise

not-affected

2.2.22-1ubuntu1.9
trusty

released

2.4.7-1ubuntu4.5
trusty/esm

released

2.4.7-1ubuntu4.5
upstream

released

2.4.16
utopic

ignored

end of life
vivid

released

2.4.10-9ubuntu1.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06515
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2015-3185

CVSS3: 3.7
redhat
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

nvd логотип

CVE-2015-3185

nvd
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

debian логотип

CVE-2015-3185

debian
около 10 лет назад

The ap_some_auth_required function in server/request.c in the Apache H ...

github логотип

GHSA-5fv4-m5x3-j32p

github
больше 3 лет назад

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

fstec логотип

BDU:2015-10929

fstec
около 10 лет назад

Уязвимость веб-сервера Apache HTTP Server, позволяющая нарушителю обойти существующие ограничения доступа

EPSS

Процентиль: 91%
0.06515
Низкий

4.3 Medium

CVSS2

Уязвимость CVE-2015-3185