cancel
Showing results for 
Search instead for 
Did you mean: 

HPUX SMH apache version

SOLVED
Go to solution
Jonathan Grymes
Frequent Advisor

HPUX SMH apache version

The apache version behind HPUX SMH is version 2.0.58 located in /opt/hpws/apache/bin/httpd. There are multiple vulnerabilities with this old version of apache. Is an HPUX upgrade version available?
5 REPLIES
Robert-Jan Goossens
Honored Contributor
Solution

Re: HPUX SMH apache version

Hi Jonathan,

I don't think you need that specific apache version in combination with SMH.

http://docs.hp.com/en/438862-003/ch04s04.html

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW302

Regards,
Robert-Jan
Steven E. Protter
Exalted Contributor

Re: HPUX SMH apache version

Shalom,

There are lots of updates on http://software.hp.com

There will always be vulnerabilities and unless you are internet exposed you can take your time on deployment.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jonathan Grymes
Frequent Advisor

Re: HPUX SMH apache version

I did upgrade HP SMH to the latest version, 2.2.9.1. However, that had no impact on the Apache based web server.

# /opt/hpws/apache/bin/httpd -v
Server version: Apache/2.0.58 HP-UX_Apache-based_Web_Server
Server built: Dec 18 2006 16:20:06
#
Shinji Teragaito_1
Respected Contributor

Re: HPUX SMH apache version

Because the Apache you installed is present under /opt/hpws22/apache.

Note: you can't use Apache 2.2.* with HP-UX SMH. As of today, SMH supports only Apache 2.0.*. So I'd recommend to use Apache-based Web Server v.2.22.

Shinji
Shinji Teragaito_1
Respected Contributor

Re: HPUX SMH apache version

This may help you.

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite,
Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution
of Arbitrary Code, Cross-Site Request Forgery (CSRF)
Release Date: 2009-02-02
Last Updated: 2009-02-12

Shinji