Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
akromam90
Posts: 3
Joined: 2015/09/30 11:25:59

Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Post by akromam90 » 2015/09/30 11:29:54

Running CentOs 5.11 Apache 2.2.3, Currently missing CVE-2015-3183
I've ran yum update httpd but it doesn't kick back any available updates, so I would assume it's up to date.
When I ran rpm -q --changelog | grep -i CVE , I don't see ANY 2015 CVEs installed at all.
Was just made aware of this missing one by a security PCI audit our organization has every month.
Any insight on what might be the issue or a possible fix?
Thanks!

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Post by avij » 2015/09/30 13:43:30

https://bugzilla.redhat.com/show_bug.cgi?id=1243887#c5 has some useful information for mitigating the attacks.

Personally, at this stage, I would start working on moving the web server to a more recent version of CentOS, such as CentOS 7. CentOS 5 is approaching its end of life.

akromam90
Posts: 3
Joined: 2015/09/30 11:25:59

Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Post by akromam90 » 2015/09/30 14:14:51

Thanks for the heads up, I know I have a bit less than 2 years till EOL, just took over this gig about a month ago and trying to get through this PCI compliance audit. Hopi g to get a new server sometime next year to start the migration to 7.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Post by TrevorH » 2015/09/30 14:40:23

CentOS 5 has 18 months left...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

akromam90
Posts: 3
Joined: 2015/09/30 11:25:59

Re: Any way to get CVE-2015-3183 on CentOS5 apache 2.2.3?

Post by akromam90 » 2015/09/30 19:07:42

Yeah I thought it was around there, thanks! Guess I'll look into migrating to 7 if I can't get the CVE updates. Thanks!

Post Reply