ID

VAR-201507-0017


CVE

CVE-2015-3185


TITLE

Apache HTTP Server of server/request.c Inside ap_some_auth_required Vulnerabilities that prevent access restrictions in functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003799

DESCRIPTION

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Apache HTTP Server is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the fact that when the program does not require authentication, the Require directive will still be used for authorization settings and in displayed in the configuration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security update Advisory ID: RHSA-2015:1667-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1667.html Issue date: 2015-08-24 CVE Names: CVE-2015-3183 CVE-2015-3185 ===================================================================== 1. Summary: Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-31.el7_1.1.src.rpm noarch: httpd-manual-2.4.6-31.el7_1.1.noarch.rpm x86_64: httpd-2.4.6-31.el7_1.1.x86_64.rpm httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm mod_session-2.4.6-31.el7_1.1.x86_64.rpm mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-31.el7_1.1.src.rpm noarch: httpd-manual-2.4.6-31.el7_1.1.noarch.rpm x86_64: httpd-2.4.6-31.el7_1.1.x86_64.rpm httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm mod_session-2.4.6-31.el7_1.1.x86_64.rpm mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-31.el7_1.1.src.rpm noarch: httpd-manual-2.4.6-31.el7_1.1.noarch.rpm ppc64: httpd-2.4.6-31.el7_1.1.ppc64.rpm httpd-debuginfo-2.4.6-31.el7_1.1.ppc64.rpm httpd-devel-2.4.6-31.el7_1.1.ppc64.rpm httpd-tools-2.4.6-31.el7_1.1.ppc64.rpm mod_ssl-2.4.6-31.el7_1.1.ppc64.rpm s390x: httpd-2.4.6-31.el7_1.1.s390x.rpm httpd-debuginfo-2.4.6-31.el7_1.1.s390x.rpm httpd-devel-2.4.6-31.el7_1.1.s390x.rpm httpd-tools-2.4.6-31.el7_1.1.s390x.rpm mod_ssl-2.4.6-31.el7_1.1.s390x.rpm x86_64: httpd-2.4.6-31.el7_1.1.x86_64.rpm httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-31.ael7b_1.1.src.rpm noarch: httpd-manual-2.4.6-31.ael7b_1.1.noarch.rpm ppc64le: httpd-2.4.6-31.ael7b_1.1.ppc64le.rpm httpd-debuginfo-2.4.6-31.ael7b_1.1.ppc64le.rpm httpd-devel-2.4.6-31.ael7b_1.1.ppc64le.rpm httpd-tools-2.4.6-31.ael7b_1.1.ppc64le.rpm mod_ssl-2.4.6-31.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-31.el7_1.1.ppc64.rpm mod_ldap-2.4.6-31.el7_1.1.ppc64.rpm mod_proxy_html-2.4.6-31.el7_1.1.ppc64.rpm mod_session-2.4.6-31.el7_1.1.ppc64.rpm s390x: httpd-debuginfo-2.4.6-31.el7_1.1.s390x.rpm mod_ldap-2.4.6-31.el7_1.1.s390x.rpm mod_proxy_html-2.4.6-31.el7_1.1.s390x.rpm mod_session-2.4.6-31.el7_1.1.s390x.rpm x86_64: httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm mod_session-2.4.6-31.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: httpd-debuginfo-2.4.6-31.ael7b_1.1.ppc64le.rpm mod_ldap-2.4.6-31.ael7b_1.1.ppc64le.rpm mod_proxy_html-2.4.6-31.ael7b_1.1.ppc64le.rpm mod_session-2.4.6-31.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-31.el7_1.1.src.rpm noarch: httpd-manual-2.4.6-31.el7_1.1.noarch.rpm x86_64: httpd-2.4.6-31.el7_1.1.x86_64.rpm httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm httpd-devel-2.4.6-31.el7_1.1.x86_64.rpm httpd-tools-2.4.6-31.el7_1.1.x86_64.rpm mod_ssl-2.4.6-31.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-31.el7_1.1.x86_64.rpm mod_ldap-2.4.6-31.el7_1.1.x86_64.rpm mod_proxy_html-2.4.6-31.el7_1.1.x86_64.rpm mod_session-2.4.6-31.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV22bdXlSAg2UNWIIRAtlWAKCRoS+swsPU7SFVjoNK5nifbipGPACfbnGp vg4WkQFOi6OeD9X4Kiuo2gA= =LQPk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem. For reference, the text of the original advisory follows: Several vulnerabilities have been found in the Apache HTTPD server. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use. CVE-2015-3185 A design error in the "ap_some_auth_required" function renders the API unusuable in apache2 2.4.x. The fix backports the new "ap_some_authn_required" API from 2.4.16. This issue does not affect the oldstable distribution (wheezy). In addition, the updated package for the oldstable distribution (wheezy) removes a limitation of the Diffie-Hellman (DH) parameters to 1024 bits. This limitation may potentially allow an attacker with very large computing resources, like a nation-state, to break DH key exchange by precomputation. The updated apache2 package also allows to configure custom DH parameters. More information is contained in the changelog.Debian.gz file. These improvements were already present in the stable, testing, and unstable distributions. For the oldstable distribution (wheezy), this problem has been fixed in version 2.2.22-13+deb7u6. The other distributions were not affected by the regression. We recommend that you upgrade your apache2 packages. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center OS X Server 5.0.3 may be obtained from the Mac App Store. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. (CVE-2015-3185) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. JIRA issues fixed (https://issues.jboss.org/): JBCS-329 - Unable to load large CRL openssl problem JBCS-337 - Errata for httpd 2.4.23 SP2 RHEL 6 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-2 Xcode 7.0 Xcode 7.0 is now available and addresses the following: DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. These issues were addressed by updating openssl to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251 Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "7.0". Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-0228: mod_lua: A maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.16-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 2.61

sources: NVD: CVE-2015-3185 // JVNDB: JVNDB-2015-003799 // BID: 75965 // VULHUB: VHN-81146 // VULMON: CVE-2015-3185 // PACKETSTORM: 133278 // PACKETSTORM: 133129 // PACKETSTORM: 133619 // PACKETSTORM: 144135 // PACKETSTORM: 133617 // PACKETSTORM: 132743

AFFECTED PRODUCTS

vendor:applemodel:xcodescope:eqversion:7.0

Trust: 2.4

vendor:applemodel:mac os x serverscope:eqversion:5.0.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10.4

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.4.8

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.12

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.1

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.7

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.9

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.10

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.13

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.2

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.3

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.4.14

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.4.x

Trust: 0.8

vendor:applemodel:xcodescope:ltversion:(os x yosemite v10.10.4 or later )

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.4

Trust: 0.8

vendor:applemodel:macos serverscope:eqversion:5.0.3

Trust: 0.8

vendor:applemodel:macos serverscope:ltversion:(os x yosemite v10.10.5 or later )

Trust: 0.8

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.4.2

Trust: 0.3

sources: BID: 75965 // JVNDB: JVNDB-2015-003799 // CNNVD: CNNVD-201507-660 // NVD: CVE-2015-3185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3185
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3185
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-660
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81146
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3185
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81146
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81146 // VULMON: CVE-2015-3185 // JVNDB: JVNDB-2015-003799 // CNNVD: CNNVD-201507-660 // NVD: CVE-2015-3185

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-81146 // JVNDB: JVNDB-2015-003799 // NVD: CVE-2015-3185

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 133278 // CNNVD: CNNVD-201507-660

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201507-660

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003799

PATCH

title:Fixed in Apache httpd 2.4.16url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title:APPLE-SA-2015-09-16-4 OS X Server 5.0.3url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Trust: 0.8

title:APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Trust: 0.8

title:APPLE-SA-2015-09-16-2 Xcode 7.0url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

Trust: 0.8

title:HT205217url:https://support.apple.com/en-us/HT205217

Trust: 0.8

title:HT205219url:https://support.apple.com/en-us/HT205219

Trust: 0.8

title:HT205031url:https://support.apple.com/en-us/HT205031

Trust: 0.8

title:HT205217url:http://support.apple.com/ja-jp/HT205217

Trust: 0.8

title:HT205219url:http://support.apple.com/ja-jp/HT205219

Trust: 0.8

title:HT205031url:https://support.apple.com/ja-jp/HT205031

Trust: 0.8

title:Changes with Apache 2.4.14url:http://www.apache.org/dist/httpd/CHANGES_2.4

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - October 2015url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 0.8

title:httpd-2.4.14url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57056

Trust: 0.6

title:httpd-2.4.14url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57055

Trust: 0.6

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172708 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172710 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172709 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-3325-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f6a16e3e13155cdb8edbd0ecf11552be

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2686-1

Trust: 0.1

title:Red Hat: CVE-2015-3185url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3185

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-579url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-579

Trust: 0.1

title:Tenable Security Advisories: [R4] SecurityCenter 5.0.2 Fixes Third-party Libraryurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2015-11

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory

Trust: 0.1

title:DC-2: Vulnhub Walkthroughurl:https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title:Shodan Search Scripturl:https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

sources: VULMON: CVE-2015-3185 // JVNDB: JVNDB-2015-003799 // CNNVD: CNNVD-201507-660

EXTERNAL IDS

db:NVDid:CVE-2015-3185

Trust: 3.5

db:BIDid:75965

Trust: 2.1

db:SECTRACKid:1032967

Trust: 1.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-003799

Trust: 0.8

db:CNNVDid:CNNVD-201507-660

Trust: 0.7

db:PACKETSTORMid:144135

Trust: 0.2

db:PACKETSTORMid:144136

Trust: 0.1

db:PACKETSTORMid:144134

Trust: 0.1

db:VULHUBid:VHN-81146

Trust: 0.1

db:VULMONid:CVE-2015-3185

Trust: 0.1

db:PACKETSTORMid:133278

Trust: 0.1

db:PACKETSTORMid:133129

Trust: 0.1

db:PACKETSTORMid:133619

Trust: 0.1

db:PACKETSTORMid:133617

Trust: 0.1

db:PACKETSTORMid:132743

Trust: 0.1

sources: VULHUB: VHN-81146 // VULMON: CVE-2015-3185 // BID: 75965 // JVNDB: JVNDB-2015-003799 // PACKETSTORM: 133278 // PACKETSTORM: 133129 // PACKETSTORM: 133619 // PACKETSTORM: 144135 // PACKETSTORM: 133617 // PACKETSTORM: 132743 // CNNVD: CNNVD-201507-660 // NVD: CVE-2015-3185

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2015-1667.html

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2708

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2710

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html

Trust: 1.8

url:http://www.securityfocus.com/bid/75965

Trust: 1.8

url:https://support.apple.com/ht205217

Trust: 1.8

url:https://support.apple.com/ht205219

Trust: 1.8

url:https://support.apple.com/kb/ht205031

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3325

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-1666.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2709

Trust: 1.8

url:http://www.securitytracker.com/id/1032967

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2686-1

Trust: 1.8

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.2

url:http://www.apache.org/dist/httpd/changes_2.4

Trust: 1.2

url:https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708

Trust: 1.2

url:https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73

Trust: 1.2

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185

Trust: 0.9

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3185

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:http://

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.

Trust: 0.6

url:httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708

Trust: 0.6

url:https://github.com/apache/

Trust: 0.6

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.

Trust: 0.6

url:httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73

Trust: 0.6

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:httpd/changes_2.4

Trust: 0.6

url:http://www.apache.org/dist/

Trust: 0.6

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3183

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.3

url:http://httpd.apache.org/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0253

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0228

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2686-1/

Trust: 0.1

url:https://www.debian.org/security/./dsa-3325

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3183

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8161

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1349

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3581

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0244

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-9788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2183

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2183

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5910

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6394

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5909

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228

Trust: 0.1

sources: VULHUB: VHN-81146 // VULMON: CVE-2015-3185 // BID: 75965 // JVNDB: JVNDB-2015-003799 // PACKETSTORM: 133278 // PACKETSTORM: 133129 // PACKETSTORM: 133619 // PACKETSTORM: 144135 // PACKETSTORM: 133617 // PACKETSTORM: 132743 // CNNVD: CNNVD-201507-660 // NVD: CVE-2015-3185

CREDITS

Ben Reser

Trust: 0.3

sources: BID: 75965

SOURCES

db:VULHUBid:VHN-81146
db:VULMONid:CVE-2015-3185
db:BIDid:75965
db:JVNDBid:JVNDB-2015-003799
db:PACKETSTORMid:133278
db:PACKETSTORMid:133129
db:PACKETSTORMid:133619
db:PACKETSTORMid:144135
db:PACKETSTORMid:133617
db:PACKETSTORMid:132743
db:CNNVDid:CNNVD-201507-660
db:NVDid:CVE-2015-3185

LAST UPDATE DATE

2024-11-11T22:53:14.019000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81146date:2020-10-27T00:00:00
db:VULMONid:CVE-2015-3185date:2023-11-07T00:00:00
db:BIDid:75965date:2016-07-06T14:51:00
db:JVNDBid:JVNDB-2015-003799date:2015-11-06T00:00:00
db:CNNVDid:CNNVD-201507-660date:2021-06-07T00:00:00
db:NVDid:CVE-2015-3185date:2023-11-07T02:25:31.337

SOURCES RELEASE DATE

db:VULHUBid:VHN-81146date:2015-07-20T00:00:00
db:VULMONid:CVE-2015-3185date:2015-07-20T00:00:00
db:BIDid:75965date:2015-07-15T00:00:00
db:JVNDBid:JVNDB-2015-003799date:2015-07-22T00:00:00
db:PACKETSTORMid:133278date:2015-08-24T22:05:56
db:PACKETSTORMid:133129date:2015-08-18T22:28:40
db:PACKETSTORMid:133619date:2015-09-19T15:37:27
db:PACKETSTORMid:144135date:2017-09-14T19:50:50
db:PACKETSTORMid:133617date:2015-09-19T15:31:48
db:PACKETSTORMid:132743date:2015-07-20T15:45:36
db:CNNVDid:CNNVD-201507-660date:2015-07-21T00:00:00
db:NVDid:CVE-2015-3185date:2015-07-20T23:59:03.770