CVE-2015-3185
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
We have discovered 945,744 live websites that are affected by CVE-2015-3185.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 945,744 live websites (29.98% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 101 versions ( 68.71% of all versions) |
Details
- Published - Jul 21, 2015
- Updated - Aug 6, 2024
CVE References
CVE-2015-3185 usage by Country
 United States | 273,414 websites |
 Taiwan | 109,312 websites |
 Germany | 90,273 websites |
 Japan | 54,269 websites |
 France | 42,325 websites |
 Netherlands | 39,667 websites |
 Russia | 37,383 websites |
 Singapore | 24,404 websites |
 Czech Republic | 24,045 websites |
 GB | 20,848 websites |
CVE-2015-3185 usage by TLD
| .com | 404,967 websites |
| .de | 64,753 websites |
| .net | 39,347 websites |
| .org | 33,202 websites |
| .ru | 32,765 websites |
| .nl | 28,611 websites |
| .cz | 19,603 websites |
| .jp | 16,450 websites |
| .it | 15,216 websites |
| .info | 15,011 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2015-3185
Top websites that are affected by CVE-2015-3185. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***********.com |  Canada | *** | |
| *********.*************.se | United States | *** | |
| ********.*********.com | Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| *********.******.net | United States | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ****.**.pl |  Poland | *,*** | |
| ******.com | Japan | *,*** | |
| ********.********.de | Germany | *,*** |
FAQ
A total of 945,744 websites have been identified as vulnerable to CVE-2015-3185, discovered through global website indexing conducted by WebTechSurvey.
Apache is susceptible to CVE-2015-3185 vulnerability.
Apache versions before 2.4.14 are vulnerable to CVE-2015-3185.
Version 2.4.14 of Apache addresses the CVE-2015-3185 security vulnerability.
References
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
- http://httpd.apache.org/security/vulnerabilities_24.html
- https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708
- http://rhn.redhat.com/errata/RHSA-2015-1667.html
- https://support.apple.com/HT205217
- http://www.apache.org/dist/httpd/CHANGES_2.4
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
- https://access.redhat.com/errata/RHSA-2017:2709
- http://rhn.redhat.com/errata/RHSA-2015-1666.html
- http://www.securitytracker.com/id/1032967
- http://www.ubuntu.com/usn/USN-2686-1
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://www.securityfocus.com/bid/75965
- http://www.debian.org/security/2015/dsa-3325
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- https://support.apple.com/kb/HT205031
- https://access.redhat.com/errata/RHSA-2017:2710
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- https://support.apple.com/HT205219
- https://access.redhat.com/errata/RHSA-2017:2708
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
- https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E