RichardW 3 Posted June 23, 2021 Posted June 23, 2021 Hi, We're currently using Eset within a PCI Compliant environment as part of that we need to run quarterly nessus scans I ran one just recently and something cropped up regarding the version of Apache Proxy used by Eset Currently the latest version from eset is 2.4.46 High 150280 Apache 2.4.x < 2.4.47 Multiple Vulnerabilities The version of Apache httpd installed on the remote host is prior to 2.4.47. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.47 changelog: IAVA: 2021-A-0259 CVE: CVE-2019-17567, CVE-2020-13938, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641 Medium 150244 Apache 2.4.x < 2.4.48 Vulnerability The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a vulnerability as referenced in the 2.4.48 changelog. IAVA: 2021-A-0259 CVE: CVE-2021-31618 Are there any plans to update the version of apache proxy used by eset? I'll probably have to look into using the apache sources otherwise Many Thanks
Administrators Marcos 5,451 Posted June 23, 2021 Administrators Posted June 23, 2021 Please open a support ticket with your local ESET distributor. I assume that most (if not all vulnerabilities) you've listed do not affect the Apache http proxy that ESET provides.
Recommended Posts