Jump to content

Apache HTTP Proxy version 2.4.48.1 is out-of-date


st3fan
 Share

Recommended Posts

Hi everyone

The Apache HTTP Proxy version (for Windows) that one can download from the ESET website is out-of-date and vulnerable (2.4.48.1). Does anyone know how to update this component to the most recent version (2.4.51)? Support has been unable to help so far.

I downloaded the Windows versions listed here (https://httpd.apache.org/download.cgi#apache24) but I doubt this will work as the folder content seems to be different compared to the installer files that ESET provides (e.g. the entire "modules" folder seems to be missing).

It would be great if anyone could point me in the right direction. Thank you.

 

Link to comment
Share on other sites

  • Administrators

It's enough to copy these modules from the installer to the modules folder:

mod_access_compat.dll  
mod_alias.dll          
mod_authn_core.dll     
mod_authn_file.dll     
mod_authz_core.dll     
mod_authz_groupfile.dll
mod_authz_host.dll     
mod_auth_basic.dll     
mod_cache.dll          
mod_cache_disk.dll     
mod_cache_socache.dll  
mod_env.dll            
mod_headers.dll        
mod_log_config.dll     
mod_proxy.dll          
mod_proxy_connect.dll  
mod_proxy_http.dll     
mod_ssl.dll            

The latest version of Apache proxy will be included in the next service release of ESET PROTECT all-in-one installer.

Link to comment
Share on other sites

Thank you Marcos.

Do you know why ESET does not provide a more recent version? I am assuming version 2.4.48.1 is affected by this (https://www.rapid7.com/blog/post/2021/11/30/active-exploitation-of-apache-http-server-cve-2021-40438)? Or does this vulnerability only affect 2.4.48 but not 2.4.48.1?

In the ESET release notes I found the following statement but I am unsure if they are referring to the above vulnerability or something else:

FIXED: Apache HTTP Proxy (v 2.4.48) replaced with the newer version (v 2.4.48.1) due to discovered vulnerabilities in the older version

I would appreciate if you could clarify this. Thank you.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...