GSD-2015-3185
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3185",
"description": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
"id": "GSD-2015-3185",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3185.html",
"https://www.debian.org/security/2015/dsa-3325",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2016:2957",
"https://access.redhat.com/errata/RHSA-2015:1667",
"https://access.redhat.com/errata/RHSA-2015:1666",
"https://ubuntu.com/security/CVE-2015-3185",
"https://advisories.mageia.org/CVE-2015-3185.html",
"https://alas.aws.amazon.com/cve/html/CVE-2015-3185.html",
"https://linux.oracle.com/cve/CVE-2015-3185.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3185"
],
"details": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
"id": "GSD-2015-3185",
"modified": "2023-12-13T01:20:07.617956Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1684",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"
},
{
"name": "RHSA-2015:1667",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "RHSA-2017:2709",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"name": "RHSA-2015:1666",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
},
{
"name": "1032967",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032967"
},
{
"name": "USN-2686-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2686-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "75965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75965"
},
{
"name": "DSA-3325",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3325"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "RHSA-2017:2710",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
},
{
"name": "RHSA-2017:2708",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3185"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"name": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "USN-2686-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2686-1"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT205217"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT205219"
},
{
"name": "75965",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/75965"
},
{
"name": "openSUSE-SU-2015:1684",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "DSA-3325",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2015/dsa-3325"
},
{
"name": "RHSA-2015:1667",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1667.html"
},
{
"name": "1032967",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1032967"
},
{
"name": "RHSA-2017:2710",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"name": "RHSA-2017:2709",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"name": "RHSA-2017:2708",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "RHSA-2015:1666",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2021-06-06T11:15Z",
"publishedDate": "2015-07-20T23:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…