AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
Back to discussions
Expand all | Collapse all

Apache Web Server for AIX 6.1 (httpd) not up to date

  • 1.  Apache Web Server for AIX 6.1 (httpd) not up to date

    Posted Tue January 28, 2014 11:32 AM

    Originally posted by: JoachimB


    The httpd package on the Web Download Pack site is version 2.4.4.

    I got the information that any version earlier than 2.4.5. is affected by the following vulnerabilities :

    - A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.

    (CVE-2013-1896)

    - An error exists related to the 'mod_session_dbd' module, flags and session-saving having an unspecified impact.

    (CVE-2013-2249)

     

    When will the httpd package be updated?



  • 2.  Re: Apache Web Server for AIX 6.1 (httpd) not up to date

    Posted Wed February 12, 2014 07:02 AM

    Originally posted by: JoachimB


    Apache httpd 2.4.7 has been released almost 3 month ago and is still not available on Web Download Pack site, making it impossible for me (and others) to patch high sev. vulnerabilities!



Related Content