st3fan 6 Posted December 2, 2021 Share Posted December 2, 2021 Hi everyone The Apache HTTP Proxy version (for Windows) that one can download from the ESET website is out-of-date and vulnerable (2.4.48.1). Does anyone know how to update this component to the most recent version (2.4.51)? Support has been unable to help so far. I downloaded the Windows versions listed here (https://httpd.apache.org/download.cgi#apache24) but I doubt this will work as the folder content seems to be different compared to the installer files that ESET provides (e.g. the entire "modules" folder seems to be missing). It would be great if anyone could point me in the right direction. Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,169 Posted December 2, 2021 Administrators Share Posted December 2, 2021 It's enough to copy these modules from the installer to the modules folder: mod_access_compat.dll mod_alias.dll mod_authn_core.dll mod_authn_file.dll mod_authz_core.dll mod_authz_groupfile.dll mod_authz_host.dll mod_auth_basic.dll mod_cache.dll mod_cache_disk.dll mod_cache_socache.dll mod_env.dll mod_headers.dll mod_log_config.dll mod_proxy.dll mod_proxy_connect.dll mod_proxy_http.dll mod_ssl.dll The latest version of Apache proxy will be included in the next service release of ESET PROTECT all-in-one installer. Link to comment Share on other sites More sharing options...
st3fan 6 Posted December 3, 2021 Author Share Posted December 3, 2021 Thank you Marcos. Do you know why ESET does not provide a more recent version? I am assuming version 2.4.48.1 is affected by this (https://www.rapid7.com/blog/post/2021/11/30/active-exploitation-of-apache-http-server-cve-2021-40438)? Or does this vulnerability only affect 2.4.48 but not 2.4.48.1? In the ESET release notes I found the following statement but I am unsure if they are referring to the above vulnerability or something else: FIXED: Apache HTTP Proxy (v 2.4.48) replaced with the newer version (v 2.4.48.1) due to discovered vulnerabilities in the older version I would appreciate if you could clarify this. Thank you. Link to comment Share on other sites More sharing options...
st3fan 6 Posted December 7, 2021 Author Share Posted December 7, 2021 I see that version 2.4.51.0 is now available (https://www.eset.com/int/business/download/eset-protect/#standalone). Link to comment Share on other sites More sharing options...
Recommended Posts