pps 4 Posted November 15, 2019 Share Posted November 15, 2019 Hello, Apache HTTP Proxy 2.4.39 has multiple Vulnerabilities we are advised to upgrade to 2.2.41 or newer. Do we have an ETA when 2.2.41+ will be released? Quote – Multiple Vulnerabilities (High) Apache 2.4.x < 2.4.41 Corrective Actions: It is advised to upgrade to the latest version of Apache web server or at least to version 2.4.41. Thanks, Peter Link to comment Share on other sites More sharing options...
pps 4 Posted November 18, 2019 Author Share Posted November 18, 2019 (edited) Hello, Do we have any feedback regarding this issue? Edited November 18, 2019 by pps Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted November 18, 2019 Administrators Share Posted November 18, 2019 What specific vulnerabilities are you referring to? It could be that ESET's HTTP proxy is not affected because the appropriate module may not be used whatsoever. Link to comment Share on other sites More sharing options...
pps 4 Posted November 18, 2019 Author Share Posted November 18, 2019 @Marcosplease check those sites: https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-326213/Apache-Http-Server-2.4.39.html https://httpd.apache.org/security/vulnerabilities_24.html Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted November 18, 2019 Administrators Share Posted November 18, 2019 Our HTTP Proxy is not affected by the HTTP/2 vulnerabilities (ie. CVE-2019-10081, CVE-2019-10082). Not sure about the rest but I'm positive that if the HTTP proxy was affected by a severe vulnerability, a newer version would be made available. Link to comment Share on other sites More sharing options...
Recommended Posts