Updating Apache 2.0.54 to 2.2.2 ?

Discussion in 'Server Operation' started by edge, Jul 5, 2006.

  1. edge

    edge Active Member Moderator

    I've done some googling, but till now I did not find a way to do an update/upgrade from Apache 2.0.54 to the new Apache 2.2.2
    (exept this: http://httpd.apache.org/docs/2.2/install.html)

    Can it be done? Even when using ISPconfig??
    Last edited: Jul 5, 2006
  2. falko

    falko Super Moderator ISPConfig Developer

    I haven't tried, and I wouldn't do it (unless you absolutely need one of the new features, or your current Apache doesn't work well...).
  3. edge

    edge Active Member Moderator

    No It's not really needed I think, but I did do some security scans with "Acunetix Web Vulnerability" and I got 4 alerst from it!

    1. Apache 2.x version older than 2.0.55 
    Affects: Web Server 
    Details: Current version is Apache/2.0.54  
    Severity: medium  
    Type: Configuration 
    Description: This alert has been generated using only banner information.
    It may be a false positive.
    Multiple vulnerabilities have been found in this version of Apache. 
    You should upgrade to the latest version of Apache.
    Affected Apache versions (up to 2.0.55).
    Impact: Multiple. Check references for details about every vulnerability. 
    Recommendation: Upgrade Apache 2.x to the latest version. 
    [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491"]CAN-2005-2491 [/URL]
    The other alert are in:
    "mod_ssl" with: Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerabillity
    "mod_ssl" with: Apache Mod_SSL Log Function Format String Vulnerabillity
    and in "Web Server" with: TRACE Method Enabled

    As I'm still using 2.0.54, I though that it would be a good thing to update..

    I guess it's may be a false positive, as mentioned in the report.
    Last edited: Jul 6, 2006
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to upgrade, I recommend to upgrade to the latest version of the 2.0.x series and not 2.2.2 as the configuration options in the 2.0.x series are stable and you will get less problems with an upgrade.
  5. edge

    edge Active Member Moderator

    I've tried several times now on a virtual system (Debian Sarge Apache 2.0.54 > 2.0.58), but with no luck :/
  6. falko

    falko Super Moderator ISPConfig Developer

    If you have installed Apache fomr your distribution's packages: these packages are often patched to fix vulnerabilities, but the version numbers are still old, so it can mean that your Apache is secure although it claims to be 2.0.54.
  7. jenjen

    jenjen New Member

    I also need to upgrade my Apache from 2.0.54 to 2.0.56. I usually do this the easy way by using rpmfind.net from webmin. All I am finding though is 2.0.55, and yet on the Apache website there are discussions about 2.0.58. So what happened to 2.0.56??
    Can you fill in the gaps for me?
  8. falko

    falko Super Moderator ISPConfig Developer

Share This Page