https://community.hpe.com/t5/operating-system-hp-ux/apache-1-3-x-vulnerabilities/m-p/4209096#M733829 "old version" is correct. There are no patches, instead, you install the current version (2.19 if you're running HP-UX 11.23 or later. Get the latest version from software.hp.com Mon, 02 Jun 2008 21:53:50 GMT Bill Hassell 2008-06-02T21:53:50Z https://community.hpe.com/t5/operating-system-hp-ux/apache-1-3-x-vulnerabilities/m-p/4209095#M733828 I have several Hpux servers running Apache 1.3.19 with a garden variety of security vulnerabilities <BR />including:<BR /><BR />Multiview directory listing<BR />Root directory access<BR />0x1a Character logging Dos<BR />HtDigest command execution<BR />Httpd scoreboard modification<BR />mod_alias and mod_rewrite buffer overflow<BR />User enumeration<BR /><BR />The servers that have these vulnerabilities are production servers and we are trying to comply with a recent security audit - I have looked extensively for patches but to no avail...<BR /><BR />Were there ever patches released for these vulnerabilities? OR were they solved with the release of apache 2.x? <BR /><BR />I realize this is an old version of apache - Mon, 02 Jun 2008 17:22:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-1-3-x-vulnerabilities/m-p/4209095#M733828 Dave Cast 2008-06-02T17:22:53Z https://community.hpe.com/t5/operating-system-hp-ux/apache-1-3-x-vulnerabilities/m-p/4209096#M733829 "old version" is correct. There are no patches, instead, you install the current version (2.19 if you're running HP-UX 11.23 or later. Get the latest version from software.hp.com Mon, 02 Jun 2008 21:53:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-1-3-x-vulnerabilities/m-p/4209096#M733829 Bill Hassell 2008-06-02T21:53:50Z