CVE-2019-0211 - Apache 2.2

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE-2019-0211 - Apache 2.2

Hajo Locke
Hello,

i have still a bunch of apache 2.2 servers. ;(
Is apache 2.2 exploitable by CVE-2019-0211 ?
Description says that first affected version is 2.4.17, but may be 2.2 was not analyzed.
Thanks,
Hajo
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2019-0211 - Apache 2.2

@lbutlr
On Apr 3, 2019, at 02:05, Hajo Locke <[hidden email]> wrote:
> Is apache 2.2 exploitable by CVE-2019-0211 ?
> Description says that first affected version is 2.4.17, but may be 2.2 was not analyzed.

“Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.

--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: CVE-2019-0211 - Apache 2.2

Rainer Canavan
On Wed, Apr 3, 2019 at 10:18 AM LuKreme <[hidden email]> wrote:
>
> On Apr 3, 2019, at 02:05, Hajo Locke <[hidden email]> wrote:
> > Is apache 2.2 exploitable by CVE-2019-0211 ?
> > Description says that first affected version is 2.4.17, but may be 2.2 was not analyzed.
>
> “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.

Since Apache httpd 2.2 is not supported anymore, it is quite possible
that nobody has
checked if 2.2 is affected. However, it looks like redhat has checked
for their old
RHEL releases that ship with 2.2 and they appear to be unaffected:
https://access.redhat.com/security/cve/cve-2019-0211

rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: CVE-2019-0211 - Apache 2.2

Yann Ylavic
On Wed, Apr 3, 2019 at 11:06 AM Rainer Canavan
<[hidden email]> wrote:

>
> On Wed, Apr 3, 2019 at 10:18 AM LuKreme <[hidden email]> wrote:
> >
> > On Apr 3, 2019, at 02:05, Hajo Locke <[hidden email]> wrote:
> > > Is apache 2.2 exploitable by CVE-2019-0211 ?
> > > Description says that first affected version is 2.4.17, but may be 2.2 was not analyzed.
> >
> > “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.
>
> Since Apache httpd 2.2 is not supported anymore, it is quite possible
> that nobody has
> checked if 2.2 is affected. However, it looks like redhat has checked
> for their old
> RHEL releases that ship with 2.2 and they appear to be unaffected:
> https://access.redhat.com/security/cve/cve-2019-0211

Indeed, 2.2 is not affected... by this one.

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: CVE-2019-0211 - Apache 2.2

Hajo Locke
In reply to this post by Rainer Canavan
Hello,

Am 03.04.2019 um 11:06 schrieb Rainer Canavan:

> On Wed, Apr 3, 2019 at 10:18 AM LuKreme <[hidden email]> wrote:
>> On Apr 3, 2019, at 02:05, Hajo Locke <[hidden email]> wrote:
>>> Is apache 2.2 exploitable by CVE-2019-0211 ?
>>> Description says that first affected version is 2.4.17, but may be 2.2 was not analyzed.
>> “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38” seems clear.
> Since Apache httpd 2.2 is not supported anymore, it is quite possible
> that nobody has
> checked if 2.2 is affected. However, it looks like redhat has checked
> for their old
> RHEL releases that ship with 2.2 and they appear to be unaffected:
> https://access.redhat.com/security/cve/cve-2019-0211
>
> rainer
thanks Reiner,  i hoped but did not know that some LTS distribution
still supports 2.2
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Thanks,
Hajo


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]