The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
References
Link Providers
http://httpd.apache.org/security/vulnerabilities_24.html cve-icon cve-icon
http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16 cve-icon
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1666.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1667.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2957.html cve-icon cve-icon
http://www.apache.org/dist/httpd/CHANGES_2.4 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3325 cve-icon cve-icon
http://www.securityfocus.com/bid/75965 cve-icon cve-icon
http://www.securitytracker.com/id/1032967 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2686-1 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2708 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2709 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2710 cve-icon cve-icon
https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708 cve-icon cve-icon
https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73 cve-icon cve-icon
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2015-3185 cve-icon
https://support.apple.com/HT205217 cve-icon cve-icon
https://support.apple.com/HT205219 cve-icon cve-icon
https://support.apple.com/kb/HT205031 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2015-3185 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-07-20T23:00:00

Updated: 2024-08-06T05:39:31.678Z

Reserved: 2015-04-10T00:00:00

Link: CVE-2015-3185

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-07-20T23:59:03.770

Modified: 2024-11-21T02:28:51.297

Link: CVE-2015-3185

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-07-15T00:00:00Z

Links: CVE-2015-3185 - Bugzilla