cancel
Showing results for 
Search instead for 
Did you mean: 

appache security problem.

Michael Schulte zur Sur
Honored Contributor

appache security problem.

Hi all,

Is the problem
CAN-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion)
also affecting the appache of tru64?
What is the newest version of appache delivered by tru64?

thanks for any idea,

Michael
10 REPLIES
Slayer Slayer
Frequent Advisor

Re: appache security problem.

Hey Michael,

I found a couple of site about apache.
Maybe this can help you out.

http://www.apacheweek.com
http://www.apache.org

If i find something else i let you know.

Regards,

Bruno
Slayer Slayer
Frequent Advisor

Re: appache security problem.

Here i am again,

I think the new version of Apache is 2.0.

Regards,

Bruno
Michael Schulte zur Sur
Honored Contributor

Re: appache security problem.

Ralf,

what do I have to deinstall to get rid of the Apache from Tru64?

thanks for your professional advice,

Michael
Ralf Puchner
Honored Contributor

Re: appache security problem.

Michael,

I don't know because if installing the IAS there is a deinstall option which is supported.

A "wild" installation kit is unknown to me.
Help() { FirstReadManual(urgently); Go_to_it;; }
Johan Brusche
Honored Contributor

Re: appache security problem.

Michael,

If you installed Apache from the "Internet Express"-CD, you would have to deinstall the subset IAEAPCHxxx, where xxx would be 610 if from Internet Express V6.1 .

Johan.

_JB_
Johan Brusche
Honored Contributor

Re: appache security problem.


BTW, Internet Express V6.3 contains both Apache V1.3 and V2.0, with the option to install both versions if needed.

JB.

_JB_
Michael Schulte zur Sur
Honored Contributor

Re: appache security problem.

Hi,

thanks for the answers. Let me rephrase the question.

I have not installed the internet cd.
I am referring to the web server installed with the regular installation. I assumed that this is also an apache server.
Does anyone know, whether above meantioned problem on HP-UX also exists on Tru64?
What is the newest version delivered with Tru64?
The problem refers to the php modules, so I will as a work around disable them, if that is not already the default.

thanks,

Michael
Johan Brusche
Honored Contributor

Re: appache security problem.


Michael,

Doing a "grep httpd /usr/.smdb./OSF*5*.inv" results in a NULL string, so where do you get your httpd from ?

_Johan_

_JB_
Ralf Puchner
Honored Contributor

Re: appache security problem.

Michael,

depending on the installation source of your apache version you must also select the security patches. Please ask the originator of your version if such a fix is available.
e.g. you can not install patches from other vendors/originators to versions got from www.apache.org. If it is from the IAS medium there are also fixes within the ITRC patch page.

Also check if the version is from HP, if it is not supported, you must wait for a new version.

Help() { FirstReadManual(urgently); Go_to_it;; }
Michael Schulte zur Sur
Honored Contributor

Re: appache security problem.

Johan,

grep did not return anything.
apache was running in /usr/local/bin so I assumed it to be tru64 apache. I was a little confused. I also thought tomcat needs a webserver but that is probably wrong.
For the moment I am going to disable the php modules in apache.

thanks,

Michael