Penetration Testing mailing list archives
OpenSSL 0.9.8i vulnerable - is Apache https vulnerable too ?
From: t35tman <t35tman () gmail com>
Date: Thu, 11 Jun 2009 17:09:49 +0400
HI, Hope someone here can help me out with this. I came across a Apache server (win32) 2.2.10 with mod_ssl/2.2.10 compiled with Openssl 0.9.8.i The version reported OpenSSL 0.9.8.i is vulnerable and there are newer version with fixes launched. However Apache has not released any patches and neither did I see Apache foundation in the listing of vulnerable devices in www.securityfocus.com/bid/34256/info Since the reported version is Openssl 0.9.8.i version (listed as vulnerable) could this installed version of Apache be vulnerable too? Any help / guidance is appreciated Regards ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- OpenSSL 0.9.8i vulnerable - is Apache https vulnerable too ? t35tman (Jun 12)