Software Security Customer Advisories

As part of an ongoing commitment to software quality, an issue has been discovered within HP HTTP Server versions 5.0 through 5.96. HP HTTP Server is a component of HP Web Based Management Products for Microsoft Windows NT 4.0, Windows 2000, and Windows 2003.

HP has addressed the following issues in HP HTTP Server version 5.97:

• Updated to OpenSSL 0.9.6m+ patch for SSL v2 Rollback issue (CAN-2005-2969)

This update is recommended for all systems running HP web-based management software and Microsoft Windows NT 4.0, plus systems running Windows 2000, Windows 2003 and versions of HP web-based management software prior to v7.20 of the HP ProLiant Support Pack, HP SmartStart CD and HP Management CD. See the Table of Affected Software for version details.

You can verify the version of HP HTTP Server by viewing the bottom left corner of the System Management Homepage. For some older versions, you will need to hover over the copyright line. HP strongly recommends that you update your software as soon as possible to remove the vulnerabilities listed above.

Table of affected software

Download patch

As part of an ongoing commitment to software quality, an issue has been discovered within HP HTTP Server versions 5.0 through 5.95. HP HTTP Server is a component of HP Web Based Management Products for Microsoft Windows NT 4.0, Windows 2000, and Windows 2003.

HP has addressed the following issues in HP HTTP Server version 5.96:

• Incorporated a security enhancement to prevent malicious attacks on input parameters.

You can verify the version of HP HTTP Server by viewing the bottom left corner of the System Management Homepage. For some older versions, you will need to hover over the copyright line. HP strongly recommends that you update your software as soon as possible to remove these vulnerabilities.

Table of affected software

Download patch