Mailing List Archive

[Bug 65944] Does VE-2021-40438 also affects Apache httpd 2.2.x versions.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65944

Stefan Eissing <icing@apache.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX

--- Comment #1 from Stefan Eissing <icing@apache.org> ---
Apache 2.2 has been End-Of-Life since January 2018. That means the project no
longer offers free support for that version.

We recommend upgrading to the latest 2.4.x release.

Kind Regards,
Stefan

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65944] Does VE-2021-40438 also affects Apache httpd 2.2.x versions. [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=65944

Stefan <sgrapt@abv.bg> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|WONTFIX |---
Status|RESOLVED |REOPENED

--- Comment #2 from Stefan <sgrapt@abv.bg> ---
Hi Stefan,

Actually my request was not for fixing the Apache 2.2.x version, but I just
want to understand if those versions are also vulnerable.

Therefore could you please confirm if Apache 2.2.x is, or is not affected by
VE-2021-40438 vulnerability.

Regards,
Stefan

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65944] Does VE-2021-40438 also affects Apache httpd 2.2.x versions. [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=65944

Stefan Eissing <icing@apache.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|REOPENED |RESOLVED

--- Comment #3 from Stefan Eissing <icing@apache.org> ---
If you run httpd 2.2 in an environment where CVEs are a concern, you have more
important problems than this CVE.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 65944] Does VE-2021-40438 also affects Apache httpd 2.2.x versions. [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=65944

--- Comment #4 from Ruediger Pluem <rpluem@apache.org> ---
Just to be clear: Any security issue that has been reported for Apache HTTP
server after 2.2 was EOL was not checked by this project whether it affects any
version of 2.2. There might be other distributors of Apache 2.2 (commercial
products, LTS OS distributions) that still do this / did this for some time.
You might find hints there. But using any vanilla 2.2 version is strongly
discouraged for security reasons.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org