admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2015/CVE-2015-31xx/CVE-2015-3185.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

323 lines
12 KiB
JSON
Raw Blame History

{
"id": "CVE-2015-3185",
"sourceIdentifier": "secalert@redhat.com",
"published": "2015-07-20T23:59:03.770",
"lastModified": "2021-06-06T11:15:19.167",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versi\u00f3n 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorizaci\u00f3n en lugar de un ajuste de autenticaci\u00f3n lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un m\u00f3dulo que se basa en el comportamiento en la API 2.2."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA089AB-AF28-4AE1-AE39-6D1B8192A3DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EF77159D-505A-475C-A137-4F89D4769B8F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7344422F-F65A-4000-A9EF-8D323DA29011"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACDF399-AE56-4130-8686-F8E4C9014DD9"
}
]
}
]
}
],
"references": [
{
"url": "http://httpd.apache.org/security/vulnerabilities_24.html",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"source": "secalert@redhat.com"
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
"source": "secalert@redhat.com"
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"source": "secalert@redhat.com"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"source": "secalert@redhat.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"source": "secalert@redhat.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"source": "secalert@redhat.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"source": "secalert@redhat.com"
},
{
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"source": "secalert@redhat.com"
},
{
"url": "http://www.debian.org/security/2015/dsa-3325",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securityfocus.com/bid/75965",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securitytracker.com/id/1032967",
"source": "secalert@redhat.com"
},
{
"url": "http://www.ubuntu.com/usn/USN-2686-1",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2708",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2709",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2710",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/HT205217",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/HT205219",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT205031",
"source": "secalert@redhat.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink