I've recently been trying to test out a vulnerability in Apache Webserver that requires a very specific version of Apache2 and its related libfiles. (Specifically, libapache2-uwsgi versions in the range v2.4.32 to v2.4.44 are vulnerable to this publicly listed exploit. I wish to test it.
I've been trying out two different methods of getting apache to work properly, and thusfar have not been able to get it working either way.
Method 1:
My problem is, whilst I have managed to find the Launchpad for these version (https://launchpad.net/ubuntu/+source/apache2) - Specifically version 2.4.41.
[Problem 1: What architecture does Ubuntu use when virtualized with Virtual Box?]
Through this, I've been downloading the .deb files for everything there. Unfortunately, I've been unable to install it using dpkg due to dependency problems (the deb files relate to each other in a way I personally don't know).
This is as far as I have gotten in this method.
Method 2
Through (https://httpd.apache.org/docs/2.4/install.html), I have also been attempting to compile and install Apache via httpd method.
After many hours of debug on AskUbuntu and similar, I found about needing APR, APR-Utils and PCRE sources in /httpd/srclib/ and acted to put them there.
[Problem 2: During make, I get an error stating:
ab.c:(.text+0x6228): undefined reference to `SSLv2_client_method'
/usr/bin/ld: ab.c:(.text+0x625f): undefined reference to `SSLv3_client_method'
/usr/bin/ld: ab.c:(.text+0x6509): undefined reference to `CRYPTO_malloc_init'
Unfortunately, unlike in this Stackoverflow Post or this reference, the /usr/local/php-5.5.3/ folder doesn't exist.]
Any help on either of these methods would be massive help. Thanks in advance!
