Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2015-3185 | First vendor Publication | 2015-07-20 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-08-20 | IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337 |
| 2015-07-23 | IAVM : 2015-A-0174 - Multiple Vulnerabilities in Apache HTTP Server Severity : Category I - VMSKEY : V0061135 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-09-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2710.nasl - Type : ACT_GATHER_INFO |
| 2017-09-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2709.nasl - Type : ACT_GATHER_INFO |
| 2015-11-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1851-1.nasl - Type : ACT_GATHER_INFO |
| 2015-10-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-635.nasl - Type : ACT_GATHER_INFO |
| 2015-10-02 | Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO |
| 2015-09-22 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_5_0_3.nasl - Type : ACT_GATHER_INFO |
| 2015-08-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1667.nasl - Type : ACT_GATHER_INFO |
| 2015-08-25 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1667.nasl - Type : ACT_GATHER_INFO |
| 2015-08-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1667.nasl - Type : ACT_GATHER_INFO |
| 2015-08-25 | Name : The remote application is affected by multiple vulnerabilities. File : securitycenter_apache_2_4_16.nasl - Type : ACT_GATHER_INFO |
| 2015-08-25 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150824_httpd_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2015-08-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-579.nasl - Type : ACT_GATHER_INFO |
| 2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO |
| 2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO |
| 2015-08-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3325.nasl - Type : ACT_GATHER_INFO |
| 2015-07-30 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11792.nasl - Type : ACT_GATHER_INFO |
| 2015-07-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2686-1.nasl - Type : ACT_GATHER_INFO |
| 2015-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_4_16.nasl - Type : ACT_GATHER_INFO |
| 2015-07-22 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11689.nasl - Type : ACT_GATHER_INFO |
| 2015-07-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-198-01.nasl - Type : ACT_GATHER_INFO |
| 2015-07-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a12494c12af411e586ff14dae9d210b8.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:44:40 |
|
| 2021-06-06 17:23:01 |
|
| 2021-06-03 13:23:11 |
|
| 2021-05-04 12:39:35 |
|
| 2021-04-22 01:48:27 |
|
| 2021-03-30 17:22:49 |
|
| 2020-10-27 21:23:18 |
|
| 2020-05-23 00:45:06 |
|
| 2019-08-16 12:03:33 |
|
| 2018-01-05 09:23:28 |
|
| 2017-12-09 09:22:20 |
|
| 2017-09-22 09:24:14 |
|
| 2017-09-16 13:25:28 |
|
| 2016-12-24 09:24:12 |
|
| 2016-12-08 09:23:42 |
|
| 2016-11-29 00:25:10 |
|
| 2016-07-08 21:24:18 |
|
| 2016-04-27 02:20:04 |
|
| 2015-11-04 13:24:03 |
|
| 2015-10-18 17:24:45 |
|
| 2015-10-07 13:24:35 |
|
| 2015-10-03 13:24:10 |
|
| 2015-09-23 13:24:11 |
|
| 2015-09-19 09:23:05 |
|
| 2015-08-27 13:38:46 |
|
| 2015-08-19 13:30:19 |
|
| 2015-08-19 00:24:13 |
|
| 2015-08-18 13:35:13 |
|
| 2015-08-18 09:20:07 |
|
| 2015-08-12 13:33:22 |
|
| 2015-07-31 13:29:02 |
|
| 2015-07-24 13:29:49 |
|
| 2015-07-22 05:31:18 |
|
| 2015-07-21 05:24:35 |
|
