Urchin 5 ships with an embedded Apache webserver that provides access to the web-based Urchin administration and reporting functions. As reported in the following security advisory:
Impact on Urchin Customers
After examination the threat, Urchin Software Corporation's position on this issue is that the Apache server shipped with Urchin is not vulnerable to this exploit, and no action is necessary. Additional notes:
- Exploitation of the vulnerability requires the Apache server to be configured as a proxy. Urchin does not provide any means for configuring the embedded Apache server to be a proxy.
- The Apache server shipped with Urchin is not built with the mod_proxy module