Hi
Team,
In our qualys scan report we've found Apache Hypertext Transfer Protocol (HTTP) Server Buffer Overflow Vulnerability for our AIX servers. We've checked and found there are some httpd daemon possess is running.
typhoon:/root#
ps -ef|grep -i httpdnobody 4128938 5898446 0 Jul 17 - 0:05 /opt/freeware/apache/sbin/httpd
nobody 5570794 5898446 0 Jul 17 - 0:05 /opt/freeware/apache/sbin/httpd
nobody 5767350 5898446 0 Jul 17 - 0:05 /opt/freeware/apache/sbin/httpd
root 5898446 1 0 Jul 17 - 5:09 /opt/freeware/apache/sbin/httpd
nobody 6029504 5898446 0 Jul 17 - 0:05 /opt/freeware/apache/sbin/httpd
As we have checked, seems we are using
apache-1.3.31 here. Can anyone let me know If I'll upgrad this to Apache
http 2.4.53 then our Server Buffer Overflow vulnerability will mitigate? If Yes then please help us the steps to installation of
Apache http 2.4.53.
typhoon:/root#
rpm -qf /opt/freeware/apache/sbin/httpdapache-1.3.31-3ssl------------------------------
Virendra Singh
------------------------------