Vulnerability
Posted by: asreeram (---.visa.com)
Date: February 16, 2017 06:44PM

Hi,

I am running WAMP Server and was recently identified to have the following vulnerabilities with Apache Server:


38626 - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
38603 - SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)
42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)


Solution:

Upgrade the apache OpenSSL 1.0.1 to 1.0.1t.
SSL configuration in Apache:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
Add -SSLv3 to the "SSLProtocol" line

Can you please help me with how I can upgrade the OpenSSL in WAMP and set the above SSL configuration?

Thank you,
Anand

Re: Vulnerability
Posted by: RiggsFolly (Moderator)
Date: February 16, 2017 08:14PM

Hi

Please read and answer "Some basic questions about your WAMPServer installation and version" to help us give you an accurate answer.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPLE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How don't regret it later! Yes even when developing -X-X-X-

Re: Vulnerability
Posted by: asreeram (---.visa.com)
Date: February 16, 2017 08:27PM

Thank you for your response.

Microsoft Windows Server 2008 R2 Enterprise
WAMP Server: 2.5
Apache : 2.4.9
OpenSSL: 1.0.1g
phpVersion = "5.5.12"
mysqlVersion = "5.6.17"
phpmyadminVersion = 4.1.14


Regards,
Anand

Re: Vulnerability
Posted by: RiggsFolly (Moderator)
Date: February 17, 2017 03:14AM

Thanks,

OK, read this post [stackoverflow.com]

It should give you enough info to be able to upgrade the OpenSSL and associated DLLs.

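An added example, not part of the original thread and not WampServer code: a small Python check that compares an OpenSSL version string against the 1.0.1t minimum from the scanner's solution and tests an Apache SSL config for the directives that solution lists. The sample config is constructed, the function names are hypothetical, and the SSLProtocol handling is a simplified model that treats the file as flat and ignores per-VirtualHost scoping.

```python
import re

# Constructed sample of an SSL config fragment (not taken from the thread).
SAMPLE_CONF = """\
# SSL settings
SSLProtocol all
SSLHonorCipherOrder Off
SSLCipherSuite HIGH:MEDIUM:!aNULL
"""

def parse_directives(conf_text):
    """Map each SSL* directive (lowercased) to its arguments; last one wins."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#") and parts[0].lower().startswith("ssl"):
            found[parts[0].lower()] = parts[1:]
    return found

def openssl_key(version):
    """Turn '1.0.1g' into (1, 0, 1, 'g') so letter releases sort correctly."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def sslv3_enabled(tokens):
    """Simplified model: +name adds, -name removes, a bare name replaces the set."""
    on = True  # assumption: a missing SSLProtocol line counts as not hardened
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        hit = name.lower() in ("all", "sslv3")
        if sign == "":
            on = hit
        elif hit:
            on = sign == "+"
    return on

def audit(conf_text, openssl_version, minimum="1.0.1t"):
    """Return a list of findings; an empty list means every check passed."""
    d, findings = parse_directives(conf_text), []
    if openssl_key(openssl_version) < openssl_key(minimum):
        findings.append(f"OpenSSL {openssl_version} is older than {minimum}")
    if sslv3_enabled(d.get("sslprotocol", [])):
        findings.append("SSLProtocol does not exclude SSLv3")
    if [a.lower() for a in d.get("sslhonorcipherorder", [])] != ["on"]:
        findings.append("SSLHonorCipherOrder is not On")
    if "sslciphersuite" not in d:
        findings.append("SSLCipherSuite is not set")
    return findings
```

Pass the contents of the active SSL config file and the OpenSSL version the server reports to `audit()`; each returned string names one item from the scanner's solution that is still open.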