10-07-2013 01:59 AM
A recently concluded VA shows that our 2 Fabrics (DS 300) have the following vulnerabilities:
57792 (2) - Apache HTTP Server httpOnly Cookie Information Disc
And the Auditor is recommending to upgrade the Apache version to the latest.
Would appreciate it if somebody could share their experience or their suggestions in this regard.
10-08-2013 09:22 AM
Hi Muraleedaran. You are very welcome. So in handling vulnerability assessments, you have to really educate yourself as, even though a device has been flagged, in many cases, it isn't pertinent to the environment. So the reason I'm mentioning this, I've dealt with hundreds of vulnerability assessments where individuals panic (not implying you are of course) because of the vulnerability reports, but never stopped to really find out if they are truly vulnerable. Now that being said, here's what I have for you...
Now here are the Apache versions used in FOS...
FOS version: 6.1.0j / Apache version used: 1.3.31
FOS version: 6.4 (and up) / Apache version used: 2.0.50
So from v6.4 up to v7.2, Apache 2.0.50 is used. Let me know if more information is needed.