The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html - | |
References | () http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html - | |
References | () http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1666.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1667.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2957.html - | |
References | () http://www.apache.org/dist/httpd/CHANGES_2.4 - | |
References | () http://www.debian.org/security/2015/dsa-3325 - | |
References | () http://www.securityfocus.com/bid/75965 - | |
References | () http://www.securitytracker.com/id/1032967 - | |
References | () http://www.ubuntu.com/usn/USN-2686-1 - | |
References | () https://access.redhat.com/errata/RHSA-2017:2708 - | |
References | () https://access.redhat.com/errata/RHSA-2017:2709 - | |
References | () https://access.redhat.com/errata/RHSA-2017:2710 - | |
References | () https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708 - | |
References | () https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73 - | |
References | () https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://support.apple.com/HT205217 - | |
References | () https://support.apple.com/HT205219 - | |
References | () https://support.apple.com/kb/HT205031 - |
07 Nov 2023, 02:25
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-07-20 23:59
Updated : 2024-11-21 02:28
NVD link : CVE-2015-3185
Mitre link : CVE-2015-3185
CVE.ORG link : CVE-2015-3185
JSON object : View
Products Affected
apple
- mac_os_x_server
- xcode
- mac_os_x
canonical
- ubuntu_linux
apache
- http_server
CWE
CWE-264
Permissions, Privileges, and Access Controls