Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/httpd@2.4.5
Typeapache
Namespace
Namehttpd
Version2.4.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.42
Latest_non_vulnerable_version2.4.54
Affected_by_vulnerabilities
0
url VCID-3wuk-hwg1-6fa6
vulnerability_id VCID-3wuk-hwg1-6fa6
summary A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3185
reference_id
reference_type
scores
0
value 0.09491
scoring_system epss
scoring_elements 0.92802
published_at 2026-04-01T12:55:00Z
1
value 0.09491
scoring_system epss
scoring_elements 0.92809
published_at 2026-04-02T12:55:00Z
2
value 0.09491
scoring_system epss
scoring_elements 0.92814
published_at 2026-04-04T12:55:00Z
3
value 0.09491
scoring_system epss
scoring_elements 0.92812
published_at 2026-04-07T12:55:00Z
4
value 0.09491
scoring_system epss
scoring_elements 0.92821
published_at 2026-04-08T12:55:00Z
5
value 0.09491
scoring_system epss
scoring_elements 0.92825
published_at 2026-04-09T12:55:00Z
6
value 0.09491
scoring_system epss
scoring_elements 0.92829
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3185
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1243888
reference_id 1243888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1243888
5
reference_url https://httpd.apache.org/security/json/CVE-2015-3185.json
reference_id CVE-2015-3185
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2015-3185.json
6
reference_url https://access.redhat.com/errata/RHSA-2015:1666
reference_id RHSA-2015:1666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1666
7
reference_url https://access.redhat.com/errata/RHSA-2015:1667
reference_id RHSA-2015:1667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1667
8
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
9
reference_url https://access.redhat.com/errata/RHSA-2017:2708
reference_id RHSA-2017:2708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2708
10
reference_url https://access.redhat.com/errata/RHSA-2017:2709
reference_id RHSA-2017:2709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2709
11
reference_url https://access.redhat.com/errata/RHSA-2017:2710
reference_id RHSA-2017:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2710
12
reference_url https://usn.ubuntu.com/2686-1/
reference_id USN-2686-1
reference_type
scores
url https://usn.ubuntu.com/2686-1/
fixed_packages
0
url pkg:apache/httpd@2.4.16
purl pkg:apache/httpd@2.4.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1189-ej89-hybs
1
vulnerability VCID-17hy-4ppt-xyhw
2
vulnerability VCID-2nmh-7tfa-zyb2
3
vulnerability VCID-2xc4-7zg9-y7fw
4
vulnerability VCID-3djp-gq4c-1fa9
5
vulnerability VCID-5bej-9h7w-33c8
6
vulnerability VCID-5xrt-1n1q-4bey
7
vulnerability VCID-66k7-maf9-dfcd
8
vulnerability VCID-8gcm-7q3n-q7bm
9
vulnerability VCID-91u7-vh6n-v7fm
10
vulnerability VCID-9qdr-1v39-d7b7
11
vulnerability VCID-auhk-ppv5-buaa
12
vulnerability VCID-bvkg-nrwd-e7g8
13
vulnerability VCID-ct26-19cq-8kd7
14
vulnerability VCID-f2y3-s6j8-7ygr
15
vulnerability VCID-fqem-96w3-rucb
16
vulnerability VCID-fyrq-yg2u-jkc7
17
vulnerability VCID-h6kk-81jx-h7b8
18
vulnerability VCID-jt89-ruvk-1kbj
19
vulnerability VCID-jzuw-73df-mfff
20
vulnerability VCID-pc2n-ga7g-byga
21
vulnerability VCID-q5wm-suxb-jfeb
22
vulnerability VCID-qayj-kts9-3fde
23
vulnerability VCID-rfqy-e7pv-dyfy
24
vulnerability VCID-scf1-zmu7-e3b2
25
vulnerability VCID-uwqg-yytc-vfae
26
vulnerability VCID-w6p6-u8ku-k3f6
27
vulnerability VCID-wgte-97r1-j7a9
28
vulnerability VCID-zc2p-sfu7-jkhc
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16
aliases CVE-2015-3185
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wuk-hwg1-6fa6
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.5