Jump to content

Apache HTTP Proxy version 2.4.48.1 is out-of-date


Recommended Posts

Hi everyone

The Apache HTTP Proxy version (for Windows) that one can download from the ESET website is out-of-date and vulnerable (2.4.48.1). Does anyone know how to update this component to the most recent version (2.4.51)? Support has been unable to help so far.

I downloaded the Windows versions listed here (https://httpd.apache.org/download.cgi#apache24) but I doubt this will work as the folder content seems to be different compared to the installer files that ESET provides (e.g. the entire "modules" folder seems to be missing).

It would be great if anyone could point me in the right direction. Thank you.

 

Link to comment
Share on other sites

  • Administrators

It's enough to copy these modules from the installer to the modules folder:

mod_access_compat.dll  
mod_alias.dll          
mod_authn_core.dll     
mod_authn_file.dll     
mod_authz_core.dll     
mod_authz_groupfile.dll
mod_authz_host.dll     
mod_auth_basic.dll     
mod_cache.dll          
mod_cache_disk.dll     
mod_cache_socache.dll  
mod_env.dll            
mod_headers.dll        
mod_log_config.dll     
mod_proxy.dll          
mod_proxy_connect.dll  
mod_proxy_http.dll     
mod_ssl.dll            

The latest version of Apache proxy will be included in the next service release of ESET PROTECT all-in-one installer.

Link to comment
Share on other sites

Thank you Marcos.

Do you know why ESET does not provide a more recent version? I am assuming version 2.4.48.1 is affected by this (https://www.rapid7.com/blog/post/2021/11/30/active-exploitation-of-apache-http-server-cve-2021-40438)? Or does this vulnerability only affect 2.4.48 but not 2.4.48.1?

In the ESET release notes I found the following statement but I am unsure if they are referring to the above vulnerability or something else:

FIXED: Apache HTTP Proxy (v 2.4.48) replaced with the newer version (v 2.4.48.1) due to discovered vulnerabilities in the older version

I would appreciate if you could clarify this. Thank you.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...