Forum
  1. Forums
  2. General
  3. General Discussion
  1. Anonymous User
  2. Thursday, June 29, 2017
  3.  Subscribe via email
Hello!

Recently, after a security scan performed by our internal auditors, the vulnerability CVE-2011-3368 was found in our CloudLinux 6.8 (httpd-2.2.15-54.el6_8) installation.

My guess is that the scanner just saw the Apache version and assumed it was vulnerable, but I have confirmation that Red Hat backported the fix to Apache version 2.2.15-9 (https://access.redhat.com/security/cve/cve-2011-3368)

I think this should be already fixed, but I can't find any formal confirmation from CloudLinux team. Could someone from CloudLinux confirm this? I have my bosses after me to confirm it.

Thank you very much in advance for your time and help, regards...
Rate this post:
  1. 30.06.2017 07:06:51
  2. # 1
Posts: 0
Joined: 18.01.2018
0
Votes
Undo
Hello, thank your for your post. I see a few problems here, first of all, the latest CloudLinux release is 6.9 and the latest httpd version in CloudLinux 6 is httpd-2.2.15-59.el6.cloudlinux, so, you may want to update to gain latest patches and features.

But anyway, even the outdated package contains the required patch:

* Thu Oct 6 08:00:00 2011 Joe Orton <[email protected]> - 2.2.15-15 - mod_proxy_ftp: fix handling of EPSV w/IPv6 localhost (#737960) - core: add security fix for CVE-2011-3368 (#743659) - mod_proxy_ajp: add security fix for CVE-2011-3348 (#738961) - mod_cache: forward-port CacheMaxExpire "hard" option (#740242)

You can check package's changelog using the following command:

rpm -q --changelog httpd

Please let me know if you have additional questions. Also, you can ask our support for help here: https://cloudlinux.zendesk.com/hc/en-us/requests/new
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.