CVE-2015-3185

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
http://rhn.redhat.com/errata/RHSA-2015-1666.html
http://rhn.redhat.com/errata/RHSA-2015-1667.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.debian.org/security/2015/dsa-3325
http://www.securityfocus.com/bid/75965
http://www.securitytracker.com/id/1032967
http://www.ubuntu.com/usn/USN-2686-1
https://access.redhat.com/errata/RHSA-2017:2708
https://access.redhat.com/errata/RHSA-2017:2709
https://access.redhat.com/errata/RHSA-2017:2710
https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708
https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://support.apple.com/HT205217
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:apache:http_server:2.4.0:::::::*
	cpe:2.3:a:apache:http_server:2.4.1:::::::*
	cpe:2.3:a:apache:http_server:2.4.2:::::::*
	cpe:2.3:a:apache:http_server:2.4.3:::::::*
	cpe:2.3:a:apache:http_server:2.4.4:::::::*
	cpe:2.3:a:apache:http_server:2.4.6:::::::*
	cpe:2.3:a:apache:http_server:2.4.7:::::::*
	cpe:2.3:a:apache:http_server:2.4.8:::::::*
	cpe:2.3:a:apache:http_server:2.4.9:::::::*
	cpe:2.3:a:apache:http_server:2.4.10:::::::*
	cpe:2.3:a:apache:http_server:2.4.12:::::::*
	cpe:2.3:a:apache:http_server:2.4.13:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:apple:xcode:7.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:5.0.3:::::::*

History

No history.

Information

Published : 2015-07-20 23:59

Updated : 2023-11-07 02:25

NVD link : CVE-2015-3185

Mitre link : CVE-2015-3185

CVE.ORG link : CVE-2015-3185

JSON object : View

Products Affected

apache

http_server

apple

xcode
mac_os_x
mac_os_x_server

canonical

ubuntu_linux

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-3185", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-20T23:59:03.770", "references": [{"url": "http://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "source": "secalert@redhat.com"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.4", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2015/dsa-3325", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/75965", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1032967", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2686-1", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2708", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2709", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2710", "source": "secalert@redhat.com"}, {"url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708", "source": "secalert@redhat.com"}, {"url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/HT205217", "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/HT205219", "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/kb/HT205031", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versi\u00f3n 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorizaci\u00f3n en lugar de un ajuste de autenticaci\u00f3n lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un m\u00f3dulo que se basa en el comportamiento en la API 2.2."}], "lastModified": "2023-11-07T02:25:31.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA089AB-AF28-4AE1-AE39-6D1B8192A3DF"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF77159D-505A-475C-A137-4F89D4769B8F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7344422F-F65A-4000-A9EF-8D323DA29011"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ACDF399-AE56-4130-8686-F8E4C9014DD9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

4.3 /10