httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nitin dubey <>
Subject [users@httpd] Regarding mgmt. of mod_ssl and Apache versions (vulnerabilities)
Date Thu, 21 Feb 2008 13:58:30 GMT

I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as well.  My concern
is about the two vulnerabilities (htp://, htp://
 I do not have any information whether or not these two vulnerabilities still exist or have
been fixed in the mod_ssl provided with apache sources 2.2.8.

After googling I could find out that these are solved in mod_ssl 2.8.19.  

Now to fix this I am thinking/trying the following:
- Check the version of mod_ssl bundled with apache 228.  If this ver is greater than 2.8.19
then these vulnerabilities must have been fixed.  I do not know how to determine the version
of mod_ssl here.

- Download the mod_ssl latest version from and force (since does not
provide sources for apache 2.x ver; it provides only for apache 1.3.x series) its installation
with latest apache 228 ver.  Since, mod_ssl version here is not built for apache 2.x series,
I may end up creating more problems for myself.

      Forgot the famous last words? Access your message archive online at

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message