I've done some googling, but till now I did not find a way to do an update/upgrade from Apache 2.0.54 to the new Apache 2.2.2 (exept this: http://httpd.apache.org/docs/2.2/install.html) Can it be done? Even when using ISPconfig??
I haven't tried, and I wouldn't do it (unless you absolutely need one of the new features, or your current Apache doesn't work well...).
No It's not really needed I think, but I did do some security scans with "Acunetix Web Vulnerability" and I got 4 alerst from it! Code: 1. Apache 2.x version older than 2.0.55 Affects: Web Server Details: Current version is Apache/2.0.54 Severity: medium Type: Configuration Description: This alert has been generated using only banner information. It may be a false positive. Multiple vulnerabilities have been found in this version of Apache. You should upgrade to the latest version of Apache. Affected Apache versions (up to 2.0.55). Impact: Multiple. Check references for details about every vulnerability. Recommendation: Upgrade Apache 2.x to the latest version. References: [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088"]CAN-2005-2088[/URL] [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700"]CAN-2005-2700[/URL] [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491"]CAN-2005-2491 [/URL] [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728"]CAN-2005-2728[/URL] [URL="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268"]CAN-2005-1268[/URL] The other alert are in: "mod_ssl" with: Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerabillity "mod_ssl" with: Apache Mod_SSL Log Function Format String Vulnerabillity and in "Web Server" with: TRACE Method Enabled As I'm still using 2.0.54, I though that it would be a good thing to update.. I guess it's may be a false positive, as mentioned in the report.
If you want to upgrade, I recommend to upgrade to the latest version of the 2.0.x series and not 2.2.2 as the configuration options in the 2.0.x series are stable and you will get less problems with an upgrade.
I've tried several times now on a virtual system (Debian Sarge Apache 2.0.54 > 2.0.58), but with no luck :/
If you have installed Apache fomr your distribution's packages: these packages are often patched to fix vulnerabilities, but the version numbers are still old, so it can mean that your Apache is secure although it claims to be 2.0.54.
I also need to upgrade my Apache from 2.0.54 to 2.0.56. I usually do this the easy way by using rpmfind.net from webmin. All I am finding though is 2.0.55, and yet on the Apache website there are discussions about 2.0.58. So what happened to 2.0.56?? Can you fill in the gaps for me? Thanks
It seems they removed 2.0.56 because it's not even listed here: http://archive.apache.org/dist/httpd/ Maybe it had a serious bug or something like that.
