VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-nj6c-4cty-qkgn

Vulnerability ID	VCID-nj6c-4cty-qkgn
Aliases	CVE-2015-3185
Summary	A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.
Status	Published
Exploitability	0.5
Weighted Severity	3.3
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-287

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
epss	0.04065	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.04065	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
epss	0.06515	https://api.first.org/data/v1/epss?cve=CVE-2015-3185
apache_httpd	low	https://httpd.apache.org/security/json/CVE-2015-3185.json

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-3185
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
1243888		https://bugzilla.redhat.com/show_bug.cgi?id=1243888
CVE-2015-3185		https://httpd.apache.org/security/json/CVE-2015-3185.json
RHSA-2015:1666		https://access.redhat.com/errata/RHSA-2015:1666
RHSA-2015:1667		https://access.redhat.com/errata/RHSA-2015:1667
RHSA-2016:2957		https://access.redhat.com/errata/RHSA-2016:2957
RHSA-2017:2708		https://access.redhat.com/errata/RHSA-2017:2708
RHSA-2017:2709		https://access.redhat.com/errata/RHSA-2017:2709
RHSA-2017:2710		https://access.redhat.com/errata/RHSA-2017:2710
USN-2686-1		https://usn.ubuntu.com/2686-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:29:00.905033+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2015-3185.json	37.0.0