logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Request for OpenSSL Update to Address Security Vulnerability
Author
raghu7548



Joined: 11 Oct 2024
Posts: 5
Location: Singapore

PostPosted: Fri 11 Oct '24 11:40    Post subject: Request for OpenSSL Update to Address Security Vulnerability Reply with quote

Hi,

In vulnerability scans have picked up out-of-date OpenSSL files within an Apache install. The current version of Apache is 2.4.62 and the version of openssl inside it is 3.1.6.
Scans recommend updating openssl to 3.1.7 or later to resolve the specified vulnerability (Vulnerability Plugin ID : 201082).
Please let us know how to update openssl to 3.17 or later ?
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU

PostPosted: Fri 11 Oct '24 11:53    Post subject: Reply with quote

Hi,

It is an error in the changelog.

For Apache 2.4.62 dated 4 sep 24 openssl is 3.1.7
Back to top
raghu7548



Joined: 11 Oct 2024
Posts: 5
Location: Singapore

PostPosted: Fri 11 Oct '24 12:03    Post subject: Reply with quote

--Are you saying that Apache 2.4.62, dated September 4, 2024, includes OpenSSL version 3.1.7?
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Fri 11 Oct '24 12:05    Post subject: Reply with quote

Corrected the typo https://www.apachelounge.com/viewtopic.php?p=42890
Back to top
raghu7548



Joined: 11 Oct 2024
Posts: 5
Location: Singapore

PostPosted: Fri 11 Oct '24 16:11    Post subject: Reply with quote

Hi,

I encountered an issue while attempting to run the OpenSSL version command. Unfortunately, it returned an “access denied” error.

C:\Apache24\bin>openssl version
Access is denied.
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Fri 11 Oct '24 16:14    Post subject: Reply with quote

Start Apache and in the error.log you see the OpenSSL version is loaded
Back to top
raghu7548



Joined: 11 Oct 2024
Posts: 5
Location: Singapore

PostPosted: Fri 11 Oct '24 16:32    Post subject: Reply with quote

I've initiated the Apache service and searched for the error.log file, but it's not located in the expected C:\Softwares\httpd-2.4.62-240904-win64-VS17\Apache24\logs directory.
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Fri 11 Oct '24 17:01    Post subject: Reply with quote

Is Apache running ?
Where did you installed Apache ?
In c:\apache24 ?
Back to top
raghu7548



Joined: 11 Oct 2024
Posts: 5
Location: Singapore

PostPosted: Sat 12 Oct '24 0:53    Post subject: Reply with quote

I located the error log file, but I couldn't find the OpenSSL version listed in it.

[Sat Oct 12 06:49:16.012412 2024] [mpm_winnt:notice] [pid 27320:tid 372] AH00455: Apache/2.4.62 (Win64) configured -- resuming normal operations
[Sat Oct 12 06:49:16.012412 2024] [mpm_winnt:notice] [pid 27320:tid 372] AH00456: Apache Lounge VS17 Server built: Sep 4 2024 10:31:52
[Sat Oct 12 06:49:16.012412 2024] [core:notice] [pid 27320:tid 372] AH00094: Command line: 'C:\\Apache24\\bin\\httpd.exe -d C:/Apache24'
[Sat Oct 12 06:49:16.044122 2024] [mpm_winnt:notice] [pid 27320:tid 372] AH00418: Parent: Created child process 25596
[Sat Oct 12 06:49:16.715944 2024] [mpm_winnt:notice] [pid 25596:tid 416] AH00354: Child: Starting 64 worker threads.
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Sat 12 Oct '24 9:10    Post subject: Reply with quote

OpenSSL is not enabled.
Back to top


Reply to topic   Topic: Request for OpenSSL Update to Address Security Vulnerability View previous topic :: View next topic
Post new topic   Forum Index -> Apache