Posted to users@httpd.apache.org by Hajo Locke <Ha...@gmx.de> on 2019/04/03 08:05:11 UTC

[users@httpd] CVE-2019-0211 - Apache 2.2

Hello,

I still have a bunch of Apache 2.2 servers. ;(
Is Apache 2.2 exploitable by CVE-2019-0211?
The description says that the first affected version is 2.4.17, but maybe 2.2
was not analyzed.

Thanks,
Hajo


Re: [users@httpd] Re: CVE-2019-0211 - Apache 2.2

Posted by Hajo Locke <Ha...@gmx.de>.
Hello,

On 03.04.2019 at 11:06, Rainer Canavan wrote:
> On Wed, Apr 3, 2019 at 10:18 AM LuKreme <kr...@kreme.com> wrote:
>> On Apr 3, 2019, at 02:05, Hajo Locke <Ha...@gmx.de> wrote:
>>> Is Apache 2.2 exploitable by CVE-2019-0211?
>>> The description says that the first affected version is 2.4.17, but maybe 2.2 was not analyzed.
>> “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.
> Since Apache httpd 2.2 is not supported anymore, it is quite possible
> that nobody has checked if 2.2 is affected. However, it looks like
> Red Hat has checked for their old RHEL releases that ship with 2.2
> and they appear to be unaffected:
> https://access.redhat.com/security/cve/cve-2019-0211
>
> rainer
Thanks Rainer, I hoped but did not know that some LTS distribution
still supports 2.2.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Thanks,
Hajo




Re: [users@httpd] Re: CVE-2019-0211 - Apache 2.2

Posted by Yann Ylavic <yl...@gmail.com>.
On Wed, Apr 3, 2019 at 11:06 AM Rainer Canavan
<ra...@sevenval.com> wrote:
>
> On Wed, Apr 3, 2019 at 10:18 AM LuKreme <kr...@kreme.com> wrote:
> >
> > On Apr 3, 2019, at 02:05, Hajo Locke <Ha...@gmx.de> wrote:
> > > Is Apache 2.2 exploitable by CVE-2019-0211?
> > > The description says that the first affected version is 2.4.17, but maybe 2.2 was not analyzed.
> >
> > “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.
>
> Since Apache httpd 2.2 is not supported anymore, it is quite possible
> that nobody has checked if 2.2 is affected. However, it looks like
> Red Hat has checked for their old RHEL releases that ship with 2.2
> and they appear to be unaffected:
> https://access.redhat.com/security/cve/cve-2019-0211

Indeed, 2.2 is not affected... by this one.

Regards,
Yann.



Re: [users@httpd] Re: CVE-2019-0211 - Apache 2.2

Posted by Rainer Canavan <ra...@sevenval.com>.
On Wed, Apr 3, 2019 at 10:18 AM LuKreme <kr...@kreme.com> wrote:
>
> On Apr 3, 2019, at 02:05, Hajo Locke <Ha...@gmx.de> wrote:
> > Is Apache 2.2 exploitable by CVE-2019-0211?
> > The description says that the first affected version is 2.4.17, but maybe 2.2 was not analyzed.
>
> “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.

Since Apache httpd 2.2 is not supported anymore, it is quite possible
that nobody has checked if 2.2 is affected. However, it looks like
Red Hat has checked for their old RHEL releases that ship with 2.2
and they appear to be unaffected:
https://access.redhat.com/security/cve/cve-2019-0211

rainer



[users@httpd] Re: CVE-2019-0211 - Apache 2.2

Posted by LuKreme <kr...@kreme.com>.
On Apr 3, 2019, at 02:05, Hajo Locke <Ha...@gmx.de> wrote:
> Is Apache 2.2 exploitable by CVE-2019-0211?
> The description says that the first affected version is 2.4.17, but maybe 2.2 was not analyzed.

“Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.

-- 
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.

