Re: HPUX SMH apache version

Jonathan Grymes · ‎02-16-2009

The apache version behind HPUX SMH is version 2.0.58 located in /opt/hpws/apache/bin/httpd. There are multiple vulnerabilities with this old version of apache. Is an HPUX upgrade version available?

Robert-Jan Goossens · ‎02-16-2009

Hi Jonathan,

I don't think you need that specific apache version in combination with SMH.

http://docs.hp.com/en/438862-003/ch04s04.html

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW302

Regards,
Robert-Jan

Steven E. Protter · ‎02-16-2009

Shalom,

There are lots of updates on http://software.hp.com

There will always be vulnerabilities and unless you are internet exposed you can take your time on deployment.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Jonathan Grymes · ‎02-16-2009

I did upgrade HP SMH to the latest version, 2.2.9.1. However, that had no impact on the Apache based web server.

# /opt/hpws/apache/bin/httpd -v
Server version: Apache/2.0.58 HP-UX_Apache-based_Web_Server
Server built: Dec 18 2006 16:20:06
#

Shinji Teragaito_1 · ‎02-16-2009

Because the Apache you installed is present under /opt/hpws22/apache.

Note: you can't use Apache 2.2.* with HP-UX SMH. As of today, SMH supports only Apache 2.0.*. So I'd recommend to use Apache-based Web Server v.2.22.

Shinji

Shinji Teragaito_1 · ‎02-16-2009

This may help you.

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite,
Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution
of Arbitrary Code, Cross-Site Request Forgery (CSRF)
Release Date: 2009-02-02
Last Updated: 2009-02-12

Shinji

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: HPUX SMH apache version

HPUX SMH apache version