Running CentOs 5.11 Apache 2.2.3, Currently missing CVE-2015-3183
I've ran yum update httpd but it doesn't kick back any available updates, so I would assume it's up to date.
When I ran rpm -q --changelog | grep -i CVE , I don't see ANY 2015 CVEs installed at all.
Was just made aware of this missing one by a security PCI audit our organization has every month.
Any insight on what might be the issue or a possible fix?
Thanks!
Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?
Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?
https://bugzilla.redhat.com/show_bug.cgi?id=1243887#c5 has some useful information for mitigating the attacks.
Personally, at this stage, I would start working on moving the web server to a more recent version of CentOS, such as CentOS 7. CentOS 5 is approaching its end of life.
Personally, at this stage, I would start working on moving the web server to a more recent version of CentOS, such as CentOS 7. CentOS 5 is approaching its end of life.
Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?
Thanks for the heads up, I know I have a bit less than 2 years till EOL, just took over this gig about a month ago and trying to get through this PCI compliance audit. Hopi g to get a new server sometime next year to start the migration to 7.
Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?
CentOS 5 has 18 months left...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?
Yeah I thought it was around there, thanks! Guess I'll look into migrating to 7 if I can't get the CVE updates. Thanks!