Jump to content

Recommended Posts

Posted

Hi,
We're currently using Eset within a PCI Compliant environment
as part of that we need to run quarterly nessus scans
I ran one just recently and something cropped up regarding the version of Apache Proxy used by Eset

Currently the latest version from eset is 2.4.46

High    150280    Apache 2.4.x < 2.4.47 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.47. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.47 changelog:
IAVA:  2021-A-0259
CVE:  CVE-2019-17567, CVE-2020-13938, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641

Medium    150244    Apache 2.4.x < 2.4.48 Vulnerability
The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a vulnerability as referenced in the 2.4.48 changelog.
IAVA:  2021-A-0259
CVE:  CVE-2021-31618

Are there any plans to update the version of apache proxy used by eset?
I'll probably have to look into using the apache sources otherwise

Many Thanks

  • Administrators
Posted

Please open a support ticket with your local ESET distributor. I assume that most (if not all vulnerabilities) you've listed do not affect the Apache http proxy that ESET provides.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...