Security

Bash / shellshock vulnerability and Apache-based web server

 
JDR45
Frequent Advisor

Bash / shellshock vulnerability and Apache-based web server

I have some rp3410s running HP-UX 11.11

 

I've heard that HP-UX doesn't install bash by default, and so far I can't find any traces of bash on the servers.

 

But this article-

 

http://www.bbc.com/news/technology-29361794

 

Mentions something that caught my eye- "The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component."

 

Is that true?  Does Apache-based web server install some hints of bash here and there?

 

Thanks!

2 REPLIES 2
RJHall
Frequent Advisor

Re: Bash / shellshock vulnerability and Apache-based web server

I don't believe so--Apache just uses the system's native 'sh' shell as a script interpeter. The wording in the news story is unfortunate.

H.Merijn Brand (procura
Honored Contributor

Re: Bash / shellshock vulnerability and Apache-based web server

Having bash (even broken or older versions) does not trigger that sercurity issue. It is only triggered if bash is the DEFAULT shell, which most likely it is not

Enjoy, Have FUN! H.Merijn