HPE Community
Operating System - HP-UX
1827280 Members
2301 Online
109717 Solutions
New Discussion

HP Web Server

 
George Spencer_4
Frequent Advisor

‎11-06-2008 03:05 PM

‎11-06-2008 03:05 PM

HP Web Server

We are running HP-UX 11.11 and the HP Web Server 2.0.58 with Openssl 0.9.7g.

Following a Network Vulnerabilty assessment, we were informed that there is a vulnerability in Openssl 0.9.7g and that we should upgrade openssl to version 0.9.7j or later.

Does anyone know how to upgrade the openssl in the HP Web Server to a later version? I tried installing HP Openssl 0.9.7m, but this installs separately from the Web Server, and has no effect on the service. If one replaces the openssl used by the Web Server 2.0.58 with the new version, then the whole thing locks up.

The documentation on the download page for the Web Server 2.0.59 states that this is using an even older version of Openssl than 2.0.58. This could be just an error in the documentation, but is not a good sign.

I could download and compile the latest version of Apache, but I was hoping stay with the HP version. Any suggestions?
0 Kudos
2 REPLIES 2
George Spencer_4
Frequent Advisor

‎11-06-2008 05:28 PM

‎11-06-2008 05:28 PM

Re: HP Web Server

I found the answer. The Web Server 2.0.59 has openssl 0.9.8d in it and this is not vulnerable.
0 Kudos
George Spencer_4
Frequent Advisor

‎11-06-2008 05:31 PM

‎11-06-2008 05:31 PM

Re: HP Web Server

I downloaded the later web server and extracted the openssl. By querying the version, I was able to find that it was one later than the vulnerability.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.