httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

Debian Security Advisory DSA 3325-1 (apache2 - security update)

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacki...

Debian: Security Advisory (DSA-3325-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-3185

The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions ...

UBUNTU-CVE-2015-3185

The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions ...

Apache ap_some_auth_required() Security Bypass Vulnerability

Apache is an open source HTTPD service program. An unspecified security vulnerability exists in the Apache apsomeauthrequired function, where the Require directive is still used for authorization settings and displayed in the configuration because the program does not require authentication. A...

apache: multiple issues

CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...