New Apache Version Needed as a Bundle

Problems with the Linux version of XAMPP, questions, comments, and anything related.

Post by paciolan_noc » 17. October 2017 18:46

Hello.

We are currently running XAMPP (version 7.0.23) on Linux, and the version of Apache (2.4.27) is showing up as vulnerable in our PCI scan:

"On systems with the Limit directive set within a '.htaccess' file and set to an invalid HTTP method, a remote user can send a specially crafted HTTP OPTIONS request for a path to trigger a use-after-free memory error and view potentially sensitive information from process memory on the target system. This vulnerability is referred to as "Optionsbleed". This affects Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27."


We are instructed to upgrade Apache to version 2.4.28 to resolve this vulnerability. Was hoping you could provide a new bundle with the newest version of Apache installed.

Please advise. Thanks in advance.
paciolan_noc
 
Posts: 1
Joined: 17. October 2017 18:38
XAMPP version: 7.0.23
Operating System: CentOS 6.8
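
A defender-side check for the precondition named in the scan finding quoted above (a Limit directive in a '.htaccess' file naming an invalid HTTP method), as an added example that is not part of the original thread or of XAMPP. The method list is an assumption (Apache httpd's built-in method names, so methods registered by modules are reported too), the access file name is assumed to be the default `.htaccess`, and the sample input is constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: the method names built into Apache httpd 2.4. Methods added by
# modules or by RegisterHttpMethod are unknown here and will be reported too.
KNOWN_METHODS = set("""GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH
PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK VERSION-CONTROL CHECKOUT
UNCHECKOUT CHECKIN UPDATE LABEL REPORT MKWORKSPACE MKACTIVITY
BASELINE-CONTROL MERGE""".split())

# Opening <Limit ...> or <LimitExcept ...>; directive names are case-insensitive.
LIMIT_RE = re.compile(r"^\s*<\s*(LimitExcept|Limit)\s+([^>]*)>", re.IGNORECASE)

def audit_htaccess_text(text, name):
    """Return (name, line_no, directive, method) for each unrecognised method."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        match = LIMIT_RE.match(line)
        if not match:
            continue
        for method in match.group(2).split():
            if method not in KNOWN_METHODS:    # method names are case-sensitive
                findings.append((name, line_no, match.group(1), method))
    return findings

def audit_tree(root):
    """Audit every .htaccess file below root."""
    findings = []
    for path in Path(root).rglob(".htaccess"):
        findings += audit_htaccess_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample .htaccess content, not taken from any real system.
SAMPLE = "\n".join([
    "# constructed sample",
    "<Limit GET POST>", "  Require all granted", "</Limit>",
    "<Limit get FOOBAR>", "  Require all denied", "</Limit>",
    "<LimitExcept GET OPTIONS>", "  Require valid-user", "</LimitExcept>",
])

if __name__ == "__main__":
    # With a directory argument, audit that tree; otherwise audit the sample.
    found = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit_htaccess_text(SAMPLE, "sample")
    for name, line_no, directive, method in found:
        print(f"{name}:{line_no}: <{directive}> names unrecognised method {method!r}")
```

A clean result only covers the files under the directory that was scanned; upgrading Apache as the scan instructs remains the fix.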

Re: New Apache Version Needed as a Bundle

Post by Altrea » 17. October 2017 21:32

Hi,

If you are aware of security scans, then you should not use XAMPP.
XAMPP is a local test and development environment and as such it is not needed to react to each security vulnerability.
Is this security vulnerability a problem for a local test and development environment at all? A security assessment is worthless if an experienced IT expert will not set these results into the right context. XAMPP is not optimized against security at all.

There will be a new XAMPP version, but when it's done and which components it includes, I don't know. There is no publicly accessible release plan.

Install and couple all the single components yourself, then you have full control over the versions included and can upgrade a single component at once instead of needing to switch the full stack.

best wishes,
Altrea
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
Altrea
AF Moderator
 
Posts: 8965
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

