Search for packages
| purl | pkg:rpm/redhat/httpd@2.4.6-31.ael7b_1?arch=1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3wuk-hwg1-6fa6
Aliases: CVE-2015-3185 |
A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead. | There are no reported fixed by versions. |
|
VCID-k4kb-21tp-4kc8
Aliases: CVE-2015-3183 |
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:40:20.917739+00:00 | RedHat Importer | Affected by | VCID-3wuk-hwg1-6fa6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json | 38.0.0 |
| 2026-04-01T14:40:20.377033+00:00 | RedHat Importer | Affected by | VCID-k4kb-21tp-4kc8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json | 38.0.0 |