ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


vulnerable Apache version 2.2.3

This entry from Security Metrics is followed up with a long laundry list of CVEs. The main one, CVE-2010-0425 doesn't even apply to ClearOS, let alone Linux.

If you have this in your report, you likely also have backported patches detected. ClearOS does have backported security patches. While this version of ClearOS runs version 2.2.3 of Apache, backported fixes to the existing version will be maintained until September 2013 for ClearOS Enterprise (free) and December 2015 for ClearOS Enterprise (free).

Make sure your ClearOS is up to date.

ClearCenter response

Short response

ClearOS contains backported fixes for Apache 2.2.3. Other items listed do not affect Apache on Linux, are not vulnerabilities on this version or have been deemed not risks.

Long response

Reports that ClearOS are affected by this vulnerability are grossly inaccurate and represent an inability for the audit system to properly distinguish Apache running on Windows from Apache running on Linux. Additionally, the inability to detect backported patches causes many items to appear vulnerable when in fact they have been fixed typically at or near the release of the original CVE.

Resolution

Run updates to ensure that you are up to date.

yum update

Additionally, ensure that only trusted admins have access to the command line of your servers that are running Apache.

content/en_us/kb_3rdparty_security_metrics_vulnerable_apache_version_2.2.3.txt · Last modified: 2015/01/29 09:56 (external edit)

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_3rdparty_security_metrics_vulnerable_apache_version_2.2.3&1563672161