Lucene search
UbuntuUSN-2686-1HistoryJul 27, 2015 - 12:00 a.m.
Apache HTTP Server vulnerabilities
2015-07-2700:00:00
ubuntu.com
49
7.7 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.072 Low
EPSS
Percentile
93.9%
Releases
- Ubuntu 15.04
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- apache2 - Apache HTTP server
Details
It was discovered that the Apache HTTP Server incorrectly parsed chunk
headers. A remote attacker could possibly use this issue to perform HTTP
request smuggling attacks. (CVE-2015-3183)
It was discovered that the Apache HTTP Server incorrectly handled the
ap_some_auth_required API. A remote attacker could possibly use this issue
to bypass intended access restrictions. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3185)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.04 | noarch | apache2.2-bin | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2 | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-bin | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-bin-dbgsym | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-data | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-dbg | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-dev | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-doc | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-mpm-event | < 2.4.10-9ubuntu1.1 | UNKNOWN |
| Ubuntu | 15.04 | noarch | apache2-mpm-itk | < 2.4.10-9ubuntu1.1 | UNKNOWN |
Related
ibm
ibm
openvas
openvas
Ubuntu: Security Advisory (USN-2686-1)
2015-07-28 00:00:00
Mageia: Security Advisory (MGASA-2015-0281)
2015-10-15 00:00:00
Debian: Security Advisory (DSA-3325-1)
2015-07-31 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-08-25 16:08:42
httpd, mod_ssl security update
2015-08-24 18:23:20
nessus
nessus
Debian DSA-3325-1 : apache2 - security update
2015-08-03 00:00:00
Scientific Linux Security Update : httpd on SL7.x x86_64 (20150824)
2015-08-25 00:00:00
Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2686-1)
2015-07-28 00:00:00
debian
debian
[SECURITY] [DSA 3325-2] apache2 regression update
2015-08-18 11:39:08
[SECURITY] [DSA 3325-2] apache2 regression update
2015-08-18 11:39:08
[SECURITY] [DSA 3325-1] apache2 security update
2015-08-01 22:04:23
osv
osv
apache2 - regression update
2015-08-01 00:00:00
apache2 - security update
2015-08-01 00:00:00
apache2 - security update
2015-07-28 00:00:00
oraclelinux
oraclelinux
httpd security update
2015-08-24 00:00:00
httpd24-httpd security update
2016-02-04 00:00:00
httpd security update
2015-08-24 00:00:00
redhat
redhat
(RHSA-2015:1667) Moderate: httpd security update
2015-08-24 00:00:00
(RHSA-2015:1666) Moderate: httpd24-httpd security update
2015-08-24 00:00:00
(RHSA-2015:1668) Moderate: httpd security update
2015-08-24 00:00:00
mageia
mageia
Updated apache package fixes security vulnerabilities
2015-07-27 12:53:07
securityvulns
securityvulns
Apache security vulnerabilities
2015-07-20 00:00:00
[slackware-security] httpd (SSA:2015-198-01)
2015-07-20 00:00:00
Apple Xcode multiple security vulnerabilities
2015-10-25 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: httpd-2.4.16-1.fc22
2015-07-21 08:12:37
[SECURITY] Fedora 21 Update: httpd-2.4.16-1.fc21
2015-07-30 00:52:03
freebsd
freebsd
apache24 -- multiple vulnerabilities
2015-02-04 00:00:00
apache22 -- chunk header parsing defect
2015-06-24 00:00:00
amazon
amazon
Medium: httpd24
2015-08-17 12:27:00
Medium: httpd
2015-08-17 12:23:00
archlinux
archlinux
apache: multiple issues
2015-07-17 00:00:00
kaspersky
kaspersky
KLA10640 Multiple vulnerabilities in Apache HTTP Server
2015-07-21 00:00:00
slackware
slackware
[slackware-security] httpd
2015-07-17 20:25:06
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:18:03
HTTP Request Smuggling
2019-01-15 09:07:33
Access Restriction Bypass
2019-01-15 09:19:28
f5
f5
K17236 : Apache HTTP server vulnerability CVE-2015-3185
2015-09-10 00:00:00
SOL17236 - Apache HTTP server vulnerability CVE-2015-3185
2015-09-09 00:00:00
SOL17251 - Apache vulnerability CVE-2015-3183
2015-09-09 00:00:00
debiancve
debiancve
CVE-2015-3185
2015-07-20 23:59:00
CVE-2015-3183
2015-07-20 23:59:00
cve
cve
CVE-2015-3185
2015-07-20 23:59:00
CVE-2015-3183
2015-07-20 23:59:00
prion
prion
Design/Logic Flaw
2015-07-20 23:59:00
Authorization
2015-07-20 23:59:00
httpd
httpd
Apache Httpd < 2.4.16 : ap_some_auth_required API unusable
2013-08-05 00:00:00
ubuntucve
ubuntucve
gentoo
gentoo
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
2017-06-29 17:41:22
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
7.7 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.072 Low
EPSS
Percentile
93.9%
Related for USN-2686-1