In general, problems which stretch back to the initial 2.4.1 or commonly
deployed 2.4.3 might also affect 2.2.x or 2.0.x. As users have had almost a
decade to adjust and these versions are EOL, the project seems unlikely to
care, and notices are everywhere that the old flavors are no longer
evaluat

The requests processed asked to GET and POST to / in HTTP/1.1 protocol.
Why do you suppose your server should reject a request for the content '/'?
Seems like a very strange concern.
Depending on the handler charged with processing '/', the remaining '?'
query args are interpreted, or generally i

The distributions like RedHat, Debian, Ubuntu, etc. lock the version of
their software packages when they release any specific version of their OS
and they are responsible for backporting any security or bug fixes.
For example, you can see Debian's tracker here:
https://security-tracker.debian.org/tra

On 6 Apr 2019, at 08:59, Sunhux G wrote:
> Are above CVEs affecting Apache httpd (ie web servers) 2.4.x only
> & other lower versions (eg: our Solaris 10's Apache/2.0.63) are not
> affected?
The CVE lists, explicitly, what versions are affected.
"The flaw was discovered by Charles Fol and imp

I’ve seen a few CVEs now that are low level but pretty much affect every
version from 2.4.30ish and back.
The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and
2.4.29 respectively.
QUESTIONS:
1. Any way to move the versions up (assuming I didn’t miss something)?
2. Happy to

Also,
can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through
2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)?
How do I check if we have "MPM event, worker or prefork" in our Apache?
On Sat, Apr 6, 2019 at 10:59 PM Sunhux G wrote:
>
> Are above CVEs affe