The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CVE issue

Discussion in 'General Discussion' started by zann, Aug 17, 2012.

  1. zann

    zann Member

    Joined:
    Aug 17, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    remote exploitable buffer overflow in mod_ssl(http-mods-00s) (cve-2002-0082)
    vulneration solution is upgrade to 2.8.7 or later

    mod_ssl Directive Mapping buffer overflow(http-mods-0008)(cve-2002-0653)
    vulneration solution is upgrade to v2.8.10 or later


    i had do easyapache update but it still not upgrade to 2.8.7 or latest version
    Server Version: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.4.5
    Server Built: Aug 16 2012 14:30:15


    any other solution to solve it ?

    Thanks !
     
  2. zann

    zann Member

    Joined:
    Aug 17, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    CVE database open access issue

    currently the database allow any remote system the ability to connect it .
    Is any method to allow database server to only allow access to trusted systems ?


    Thanks !
     
  3. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    Joined:
    Sep 25, 2007
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    The cves are for apache 1.X only. The mod_ssl version numbering changed and is built into apache for 2.X. As for the database, you would need to firewall it off and only allow ips that are trusted to it.
     
  4. zann

    zann Member

    Joined:
    Aug 17, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    before the server do the scanning.. The apache is already 2.2. Based on vulneration solution from audit report is need upgrade v2.8.10 or later.. So, is it have any prove record to show The cves are for apache 1.X only ?

    Thanks!
     
  5. zann

    zann Member

    Joined:
    Aug 17, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    i am a root administrator .. can i set all the account database server under this server only allow ips that are trusted to it. ..or i need each account database server one by one ?

    Thanks
     
    #5 zann, Aug 17, 2012
    Last edited: Aug 17, 2012
Loading...

Share This Page