CVE-2015-3185

Description

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

Risk Information

Base Score: 3.7 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score (Exploitation Probability): 9.491

Associated Vulnerability

Vulnerability | OS Platform
Update Apache to version 2.4.16 | Windows
Vulnerabilities CVE-2015-3185 are fixed in Apache 2.4.16 | Windows
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac
Apache HTTP server (USN-2686-1) apache2.2-bin_2.4.10-9ubuntu1.1_i386.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.4.10-9ubuntu1.1_amd64.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.2.22-1ubuntu1.10_i386.deb | Linux
Apache HTTP server (USN-2686-1) apache2.2-bin_2.2.22-1ubuntu1.10_amd64.deb | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-debugsource-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-doc-2.4.10-14.10.1.noarch.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-example-pages-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-debuginfo-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_auth_kerb-debugsource-5.4-2.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-debuginfo-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_jk-debugsource-1.2.40-2.6.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-debuginfo-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-mod_security2-debugsource-2.8.0-3.4.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-prefork-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-prefork-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-utils-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-utils-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-worker-2.4.10-14.10.1.x86_64.rpm | Linux
SUSE-SU-2015:1851-1 (SUSE Linux Enterprise Server 12) apache2-worker-debuginfo-2.4.10-14.10.1.x86_64.rpm | Linux
Httpd24-httpd update (ELSA-2015-1666) httpd24-httpd-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-devel update (ELSA-2015-1666) httpd24-httpd-devel-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-tools update (ELSA-2015-1666) httpd24-httpd-tools-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_ldap update (ELSA-2015-1666) httpd24-mod_ldap-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_proxy_html update (ELSA-2015-1666) httpd24-mod_proxy_html-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_session update (ELSA-2015-1666) httpd24-mod_session-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-mod_ssl update (ELSA-2015-1666) httpd24-mod_ssl-2.4.12-6.0.1.el7.1.x86_64.rpm | Linux
Httpd24-httpd-manual update (ELSA-2015-1666) httpd24-httpd-manual-2.4.12-6.0.1.el7.1.noarch.rpm | Linux
Update Apache to version 2.4.16 (For Linux) | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-600354 | OS X Yosemite 10.10.5 Update
PATCH-600458 | OS X Yosemite 10.10.5 Combo Update
