
hpe Apache-based web server v.1.3.27.01: hp-ux 11.0/11i (pa-risc/ipf) - archive


hpe Apache-based web server v.1.3.27.01

for hp-ux 11.0 & 11i for PA-RISC and 11i Version 1.6 for IPF


Security vulnerabilities have been identified in this release.

This archive is available for your reference. All updates and enhancements are contained in the current release of the product and customers are urged to install the current release.


  • HPE Apache-based Web Server v.1.3.x ends support starting July 01, 2003

    This is an update to the previous communication (since September 2002) of the obsolescence of HPE Apache-based Web Server v.1.3.x.

    Between now and end of June 2003, the HPE Apache-based Web Server v.1.3.x releases will only consist of fixes to critical defects. Starting July 01, 2003, the HPE Apache-based Web Server v.1.3.x for 11.0, 11i, 11i v1.5 and 11i v1.6 will no longer be supported by HPE.

    In the meantime, customers should begin the transition process by taking advantage of the no-charge, higher performance, and more flexible HP-UX Web Server Suite. In addition, to assist with this transition, HPE has also created the "migration guide - HPE Apache-based web server version 1.3.x to HP-UX Web Server Suite," which can be downloaded free of charge from the technical tips page.


what is the hpe Apache-based web server?

According to Netcraft (www.netcraft.com/survey), the Apache Web Server dominates over 60% of today's web server market as the most popular and frequently deployed web server for publishing and serving static and dynamic web pages.

Engineered through state-of-the-art processes for the highest quality and tailored to run smoothly on HP-UX platforms, HPE offers the HPE Apache-based Web Server as a total solution for web server deployment. The Open Source Apache Web Server software developed by the Apache Software Foundation (Apache HTTP Server Project described at httpd.apache.org) serves as the foundation for the HPE Apache-based Web Server. In addition to the base HTTP server, HPE has combined numerous popular modules from other Open Source projects as well as HPE-developed valued features, such as performance tuning, user guides, and security modules, so the HPE Apache-based Web Server is highly optimized for the HP-UX environment.

what's new with hpe Apache-based web server v.1.3.27.01?

HPE Apache-based Web Server v.1.3.27.01:

This version is principally a security-fix and bug-fix release.
The security bulletins for this update can be found at https://support.hpe.com/hpesc/public/home/. To get the security bulletin, you need to go through the following steps.
  1. Scroll down to the bottom of the page, and click on "security bulletins"
  2. Look for items related to Apache or one of the components specified below (i.e., OpenSSL, Tomcat, Webmin).
The following security vulnerabilities and bugs were fixed in this release:
  • Upgraded to OpenSSL 0.9.6i
    In OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i, ssl3_get_record in s3_pkt.c does not perform a MAC computation if an incorrect block cipher padding is used. This causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
         More details are available at http://cve.mitre.org/: CAN-2003-0078
  • Upgraded to Tomcat 3.3.1a
    Vulnerabilities with using Tomcat 3.3.1 or earlier.
    1. When used with JDK 1.3.1 or earlier:
      • it allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
      • it uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
    2. Cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x up to 3.3.1a allow remote attackers to execute arbitrary web script.
         More details are available at http://cve.mitre.org/: CAN-2003-0042, CAN-2003-0043, CAN-2003-0044
  • Upgraded to Webmin 1.070
    miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
    Note: Usermin was not shipped in previous releases of Webmin bundled by HPE.
         More details are available at http://cve.mitre.org/: CAN-2003-0101
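
The OpenSSL item above turns on whether a record with bad padding costs the receiver the same work as a record with a bad MAC. The following Python sketch is an added illustration, not OpenSSL or HPE code; the record layout, function names and sample key are constructed for the example, and it counts MAC computations instead of measuring time.

```python
import hashlib
import hmac

MAC_LEN = 20   # HMAC-SHA1 tag length (assumed suite for this sketch)
mac_calls = 0  # counts MAC computations so the difference in work is visible

def compute_mac(key, data):
    global mac_calls
    mac_calls += 1
    return hmac.new(key, data, hashlib.sha1).digest()

def padding_ok(plain):
    # TLS-style CBC padding: last byte n, preceded by n more bytes equal to n.
    n = plain[-1]
    return n + 1 + MAC_LEN <= len(plain) and plain[-(n + 1):] == bytes([n]) * (n + 1)

def split_and_verify(key, plain, pad_len):
    body = plain[:-(pad_len + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(compute_mac(key, data), tag)

def check_early_exit(key, plain):
    # Behaviour described for the affected versions: bad padding skips the MAC.
    if not padding_ok(plain):
        return False
    return split_and_verify(key, plain, plain[-1])

def check_uniform(key, plain):
    # Fixed behaviour: the MAC always runs; bad padding is treated as length 0.
    good_pad = padding_ok(plain)
    good_mac = split_and_verify(key, plain, plain[-1] if good_pad else 0)
    return good_pad and good_mac

def mac_calls_for(check, key, plain):
    # Returns (accepted, number of MAC computations performed).
    global mac_calls
    mac_calls = 0
    return check(key, plain), mac_calls

# Constructed sample records (decrypted plaintext: data || MAC || padding).
KEY = b"constructed-demo-key"
DATA = b"GET / HTTP/1.0\r\n\r\n"
GOOD = DATA + compute_mac(KEY, DATA) + b"\x03" * 4
BAD_PAD = GOOD[:-2] + b"\x07" + GOOD[-1:]
BAD_MAC = bytes([GOOD[0] ^ 1]) + GOOD[1:]

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad padding", BAD_PAD), ("bad MAC", BAD_MAC)):
        print(name, mac_calls_for(check_early_exit, KEY, rec),
              mac_calls_for(check_uniform, KEY, rec))
```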
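
The Webmin item above concerns carriage returns and line feeds that survive Base-64 decoding of Basic authentication credentials. The following Python sketch is an added example of the corresponding input check, not Webmin's miniserv.pl code; the function names and sample credentials are constructed for illustration.

```python
import base64
import binascii

def parse_basic_auth(header_value):
    """Return (user, password), or None when the header must be rejected."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the Base-64 alphabet.
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    # Reject CR, LF, NUL and every other control character in the decoded
    # credentials before they are logged, compared or passed to another process.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
        return None
    user, sep, password = text.partition(":")
    if not sep or not user:
        return None
    return user, password

def encode_basic(creds):
    # Helper for building the constructed sample headers below.
    return "Basic " + base64.b64encode(creds.encode("utf-8")).decode("ascii")

# Constructed sample Authorization header values.
SAMPLES = {
    "plain": encode_basic("alice:s3cret"),
    "colon in password": encode_basic("alice:p:q"),
    "crlf in user": encode_basic("alice\r\ninjected-line:pw"),
    "lf in password": encode_basic("alice:pw\nextra"),
    "not base64": "Basic !!!not-base64!!!",
    "wrong scheme": "Bearer abcdef",
}

def classify_samples():
    # Maps each sample name to the parsed credentials, or None if rejected.
    return {name: parse_basic_auth(value) for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name}: {'accepted' if result else 'rejected'}")
```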

Plus enhancements from v.1.3.27.00:

       This version is principally a security-fix and bug-fix release.

  • Apache 1.3.27: Addresses and fixes three security vulnerabilities in this release:
    1. CAN-2002-0839: ownership permissions of System V shared memory based scoreboards. The fix resulted in the new ShmemUIDisUser directive.
    2. CAN-2002-0840: cross-site scripting vulnerability in the default error page when using wildcard DNS.
    3. CAN-2002-0843: possible overflows in ab.c which could be exploited by a malicious server.
    For more information about the security vulnerabilities, go to http://cve.mitre.org/, and search for:
         CAN-2002-0839, CAN-2002-0840, CAN-2002-0843

    Highlights of enhancements and bug-fixes included in this release:

    • ErrorHeader is a new directive that allows headers (such as cookies) to be specified that will accompany any error pages or redirects.
    • Include directives may now have wildcards in the final part of the path.
    • ProtocolReqCheck is a new directive which determines if Apache will verify the protocol string in the request, and return HTTP_BAD_REQUEST if not valid.
    • mod_proxy contains fixes for incorrectly updating Content-Length and modules adding unnecessary headers to the response headers.
  • mod_ssl 2.8.11

why use the hpe Apache-based web server?

From displaying information on simple, static web pages to serving as a secured e-Commerce store handling many simultaneous clients, today's web site must support a wide variety of technologies. To meet these needs, HPE offers customers the HPE Apache-based Web Server for their HP-UX environment.

  • investment protection by leveraging the Open Source community and industry investment in continuous leading-edge development of the most popular web server. HPE has bundled many valuable technologies with the core Apache Web Server to provide a highly optimized web server solution. HPE customers receive direct cost savings because the HPE Apache-based Web Server is absolutely free and is pre-bundled with the HP-UX Operating Environment.
  • rich and flexible features with breadth when compared to other commercial web servers. New functionality is easily added with Perl, C and C++ Apache modules. Server-side Java technologies are supported using JServ and Tomcat for servlets and JavaServer Pages (JSPs). Delivery of dynamic data is quick and easy using the PHP scripting language with its built-in database connectivity. HPE Apache-based Web Server offers tools to assist with integration and support of 3rd party plug-ins such as the BroadVision plug-in, which provides out-of-the box support for the BroadVision e-commerce application suite.
  • security you can trust for secured transactions with the full strength 128-bit/168-bit encryption of RSA's BSAFE Crypto-C libraries and the bundled solutions from the most popular Open Source security modules, mod_ssl and OpenSSL. The HPE Apache-based Web Server also supports Digital Badge/certificate and authentication, and file system security (Chroot) to provide additional layers of protection from intruders. The HPE Apache-based Web Server offers high-speed data encryption so HPE customers don't have to sacrifice performance for good security.
  • out-of-the-box experience is what HPE customers can expect. The HPE Apache-based Web Server allows customers to install in simple steps and manage using the easy-to-use web-based admin customization capability. The HPE Apache-based Web Server is available as a free web download or pre-bundled with HP-UX.

product specifications

  • Apache Web Server v.1.3.27

  • Modules statically included: http_core, mod_so
    Other standard modules dynamically included: mod_access, mod_actions, mod_alias, mod_asis, mod_auth, mod_auth_anon, mod_auth_dbm, mod_autoindex, mod_cern_meta, mod_cgi, mod_define, mod_digest, mod_dir, mod_env, mod_expires, mod_headers, mod_imap, mod_include, mod_info, mod_log_config, mod_mime, mod_mime_magic, mod_negotiation, mod_proxy*, mod_rewrite, mod_setenvif, mod_speling, mod_status, mod_unique_id, mod_userdir, mod_usertrack, mod_vhost_alias
    Note for HP-UX 11i Version 1.6 (IPF) only: mod_proxy is currently not supported in this release.

      hpe-added features:

  • Modules dynamically included: auth_ldap, mod_jk, mod_jserv, mod_perl, mod_php, mod_ssl
  • RSA's BSAFE Crypto-C Library v.5.2 (PA-RISC) and v.5.2.1 (IPF) has U.S. Commerce approval for worldwide export of 128-bit strong encryption.
  • OpenSSL v.0.9.6i is an Open Source toolkit that implements the SSL/TLS security protocols.
  • mod_ssl v.2.8.11 provides strong cryptography for Apache over SSL using the OpenSSL toolkit and BSAFE Crypto-C libraries.
  • auth_ldap v.1.6 is the connector between Apache and an LDAP directory server module allowing Apache to authenticate HTTP clients by using entries in an LDAP directory. Auth_ldap supports iPlanet (Netscape) Directory Server and OpenLDAP Server and can be configured to use the stunnel program for secure SSL queries to the LDAP server. Stunnel is started and stopped using the bin/stunnel_ctl.sh utility.
  • mod_perl v.1.27 is a server plug-in that glues together the Perl runtime library, server software and an object oriented Perl interface to the server's C language API. This makes it possible to write Apache modules entirely in Perl. It is configured for Perl v.5.6.1.
  • mod_jk v.1.2.0 is the servlet connector to Tomcat in addition to the mod_jserv servlet connector found in previous versions of HPE Apache-based Web Server. mod_jk can use either the original ajpv12 protocol or the newer ajpv13 protocol.
  • Apache JServ v.1.1.1 is a Java servlet engine compliant with Java Servlet Development Kit 2.0. HPE Apache-based Web Server uses mod_jserv as the connector.
  • Tomcat v.3.3.1a is a servlet container which is compliant with Java Servlets 2.2 and JavaServer Pages 1.1.
  • PHP v.4.2.2 is a popular, server-side, cross-platform, HTML-embedded, full-featured language with a Java/C++ syntax. It also supports many databases.
  • Webmin v.1.070 is a web-based administration and configuration tool from Webmin. It has been enhanced to handle administration and configuration for the Apache Web Server.
  • Support for loading customized Apache modules implemented in C++
  • Third Party Support: BroadVision plug-in provides out-of-the box support for BroadVision e-commerce application suite.
  • Automatic Restart of Apache/Tomcat/Webmin on reboot. More information on customization/configuration of this feature can be found in the Config Notes.
  • Chroot causes the named directory to become the root directory, the starting point for path searches. A malicious user cannot get to the root file system. Our chroot includes SSL enhancements. For example, pass phrase entry exits in 60 seconds and retries are limited. We include a script for copying OS files under your chroot directory.
  • MM v.1.2.1 is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. MM support allows the httpd.conf SSLSessionCache directives shm:/opt/apache/logs/ssl_scache(512000) to be used.
  • certmig (for PA-RISC only) makes sharing of certificates between the Netscape Enterprise Server and any server that supports PKCS#12 formats possible. The certmig utility is an extension of the pk12util utility, provided by the Mozilla community. In addition to the pk12util functionality, certmig lists and extracts certificates from Netscape certificate databases.
  • Helper utilities make creating certificates (mkcert.sh) and starting and stopping stunnel (stunnel_ctl.sh) much easier. These two utilities can be found in the /opt/apache/bin/ directory.

system requirements

The installation paths are /opt/apache/ and /opt/tomcat/.

The HPE Apache-based Web Server can be installed on HP-UX 11.0 and 11i for PA-RISC and Itanium(R) processor family-based systems. Make sure to select the correct "software specification" on the Registration page. In addition, the following are bundle requirements:

  1. For HP-UX 11.0 and 11i (PA-RISC) only: Binaries are dependent on the B.11.25 or later versions of ld and libdld. To determine the version on your machine, type ld -V and what /usr/lib/libdld.sl at the command line. Install PHSS_24303 or later to solve this problem. To download, go to the IT Resource Center for Americas and Asia Pacific or Europe. Note that on any given system, the versions of ld and libdld should be the same.
  2. Tomcat requires HPE JRE 1.2.2.04 or higher. Version 1.3 or higher is recommended. If your application uses JSPs (Java Server Pages) then you will also need the JDK (Java Development Kit) so you can compile the JSPs. The latest versions of Java 1.3 can be downloaded from https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXJAVAHOME
    • For HP-UX 11i version 1.6 (IPF): only Java 1.3 and later is available.
  3. Using Apache JServ instead of Tomcat requires the Java Servlet Development Kit (JSDK) 2.0, which can be downloaded for Unix here.
  4. Building Apache modules in C and C++ depends on the C and C++ compiler.
    • For HP-UX 11i version 1.6 (IPF): Building Apache modules in C depends on the HPE ANSI C compiler, and building in C++ depends on the HPE C++ compiler. For more information and to download, go to the Developer & Solution Partner Portal.
    • For HP-UX 11.0 and 11i (PA-RISC): Building Apache modules in C and C++ depends on gcc. To download, go to the Developer & Solution Partner Portal and search for gcc or directly, go here.
  5. Building DSOs using apxs (Apache Extension Tool) depends on Perl and expects Perl to be installed at /opt/perl/bin/perl. Perl can be downloaded from HPE Software Depot by searching for: Perl v.5.6.1.
    • For HP-UX 11i version 1.6 (IPF): There are two versions of Perl available for IPF: 32-bit version and 64-bit version. By default all Perl scripts bundled with Apache expect 32-bit Perl. The expected location for 32-bit Perl is /opt/perl/bin/perl.
      To use 32-bit Perl, download and install Perl v.5.6.1 for HP-UX 11i Version 1.5 or 1.6 (IPF). Make sure to select the 32-bit version of Perl for IPF. If you prefer to use a different Perl, change the path in the apxs script to the Perl location installed on your machine.
    • For HP-UX 11.0 and 11i (PA-RISC): The expected location for Perl is /opt/perl/bin/perl. Either download and install Perl, or change the path in the apxs script to the Perl location installed on your machine.
  6. Webmin depends on Perl 5 and expects it to be installed in /opt/perl/bin/perl. Use the directions above to download Perl from HPE Software Depot.
  7. mod_perl requires Perl v.5.6.1 which can be downloaded from HPE Software Depot by searching for: Perl v.5.6.1.
    • For HP-UX 11i version 1.6 (IPF): 64-bit Perl, build 631 or greater, is required and installs into /opt/perl_64/bin/perl. More information on enabling mod_perl is in the HPE Apache-based Web Server Admin Guide included in the bundle.

technical support

  • HPE Apache-based Web Server is supported by the HPE Worldwide Response Centers for customers with an HP-UX support contract.

Date released: 2003/03/07

 
Additional product information
Product #: B9415AA132701
Version: 1.3.27.01