CA20090429-01: Security Notice for CA ARCserve Backup Apache HTTP Server - CA Technologies
{{search ? 'Close':'Search'}}

CA20090429-01: Security Notice for CA ARCserve Backup Apache HTTP Server

Issued: April 29, 2009

CA's support is alerting customers to security risks with CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX. Multiple vulnerabilities exist in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.

Refer to the References section for a list of resolved issues by CVE identifier.

Risk Rating




Affected Products

CA ARCserve Backup r11.5 Solaris
CA ARCserve Backup r11.5 Tru64
CA ARCserve Backup r11.5 HP-UX
CA ARCserve Backup r11.5 AIX

Non-Affected Products

CA ARCserve Backup r11.5 Windows
CA ARCserve Backup r11.5 Linux

How to determine if the installation is affected

  1. From the command line, run the following to print the version of the Apache HTTP Server included with ARCserve Backup:

    $BAB_HOME/httpd/httpd -v

    Note: On HP-UX the shared library path needs to be modified prior to running the httpd command:

    export SHLIB_PATH

  2. If the displayed version is less than 2.0.63, then the installation may be vulnerable.


CA has issued the following patches to address the vulnerabilities.

CA ARCserve Backup r11.5 Solaris:

CA ARCserve Backup r11.5 Tru64:

CA ARCserve Backup r11.5 HP-UX:

CA ARCserve Backup r11.5 AIX:


As a workaround solution, disable the Apache HTTP Server with the "stopgui" command. To re-enable the server, run "startgui".

Stopping the Apache HTTP Server will prevent the ARCserve user from performing GUI operations. Most of the operations provided by the GUI can be accomplished via the command line.

Alternatively, restrict remote network access to reduce exposure.



Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Support at

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

agent is typing