Open Secure Sockets Layer (OpenSSL) Read/Write After Secure Sockets Layer (SSL)
-
Doing some cleanup in our environment before we do penetration testing. We have a vulnerability on our FOG server (CentOS 7 64 bit) where it appears we have an EoL PHP version 7.2. My colleague handles FOG updates quarterly and says we are on the latest version. How do we check the version of FOG in the Linux CLI? Also, is PHP 7.2 the latest version supported for FOG? Are we able to upgrade this separately?
I am just starting to get my hands on FOG and learn more about it, so I am sure these are “easy” questions, but I was not finding anything in the forums already or user guides.
Vulnerable OpenSSL version detected on port 443 over TCP -
Date: Sat, 30 Mar 2024 13:30:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
X-Powered-By: PHP/7.2.34
Location: /fog/index.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8 -
For relies on the underlying host OS to provide package support. FOG will work with PHP8. The issue is that CentOS 7 doesn’t have packages available to support newer versions of PHP. Or to say it a different way, the issue is with your FOG Server’s OS, not FOG Project Imaging programming.
Now how can you tell what version of fog are you running? The fog web gui will display the version. FWIW: The latest version of v1.5.10
-
@george1421 Thank you for the information. It makes sense it would be the OS of the server. I just wanted to make sure that was the case. I spaced on the web UI as I have not been in that for quite some time. I think this answers all of my questions. You can Solve the case (I don’t see where I can do this if I do have that as an option).
-
[[undefined-on,
G george1421, ]]