HPE Community
Operating System - HP-UX
1819965 Members
3411 Online
109607 Solutions
New Discussion

Bash / shellshock vulnerability and Apache-based web server

 
JDR45
Frequent Advisor

‎10-01-2014 11:13 AM - edited ‎10-01-2014 11:14 AM

‎10-01-2014 11:13 AM - edited ‎10-01-2014 11:14 AM

Bash / shellshock vulnerability and Apache-based web server

I have some rp3410s running HP-UX 11.11

 

I've heard that HP-UX doesn't install bash by default, and so far I can't find any traces of bash on the servers.

 

But this article-

 

http://www.bbc.com/news/technology-29361794

 

Mentions something that caught my eye- "The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component."

 

Is that true?  Does Apache-based web server install some hints of bash here and there?

 

Thanks!

0 Kudos
Reply
2 REPLIES 2
RJHall
Frequent Advisor

‎10-08-2014 08:58 AM

‎10-08-2014 08:58 AM

Re: Bash / shellshock vulnerability and Apache-based web server

I don't believe so--Apache just uses the system's native 'sh' shell as a script interpeter. The wording in the news story is unfortunate.

0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎10-23-2014 11:24 PM

‎10-23-2014 11:24 PM

Re: Bash / shellshock vulnerability and Apache-based web server

Having bash (even broken or older versions) does not trigger that sercurity issue. It is only triggered if bash is the DEFAULT shell, which most likely it is not

Enjoy, Have FUN! H.Merijn
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.