topic Re: Bash / shellshock vulnerability and Apache-based web server in Operating System - HP-UX

Bash / shellshock vulnerability and Apache-based web server

JDR45 — Wed, 01 Oct 2014 18:14:41 GMT

I have some rp3410s running HP-UX 11.11

I've heard that HP-UX doesn't install bash by default, and so far I can't find any traces of bash on the servers.

But this article-

http://www.bbc.com/news/technology-29361794

Mentions something that caught my eye- "The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component."

Is that true? Does Apache-based web server install some hints of bash here and there?

Thanks!

Re: Bash / shellshock vulnerability and Apache-based web server

RJHall — Wed, 08 Oct 2014 15:58:40 GMT

I don't believe so--Apache just uses the system's native 'sh' shell as a script interpeter. The wording in the news story is unfortunate.

Re: Bash / shellshock vulnerability and Apache-based web server

H.Merijn Brand (procura — Fri, 24 Oct 2014 06:24:15 GMT

Having bash (even broken or older versions) does not trigger that sercurity issue. It is only triggered if bash is the DEFAULT shell, which most likely it is not