RichardW 3 Posted December 17, 2021 Share Posted December 17, 2021 Hi, I currently have a setup involving Eset Protect Server and Apache Proxy This is located on a PCI Compliant system so as part of it I need to run Nessus scans every so often I've updated to the latest Eset versions recently but there seems to be a single High Vulnerability showing on the Nessus Reports associated with Apache Proxy OpenSSL 1.1.1 < 1.1.1l Vulnerabilityhttps://www.tenable.com/plugins/nessus/152782 Port 3128 Banner : Apache/2.4.46 (Win64) OpenSSL/1.1.1i-dev Reported version : 1.1.1i Fixed version : 1.1.1l Other Links:https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46https://www.openssl.org/news/secadv/20210824.txt Can I ask is this something I need to worry about?, will it be addressed in a future Eset Protect update? It looks like a similar query was raised here back in Septemberhttps://forum.eset.com/topic/29836-nessus-reports-critical-openssl-vulnerability-on-eset-protect-server/ Although I don't think an update to Apache Proxy has been rolled out as part of the latest Eset Protect Version 9 Many Thanks Richard Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,015 Posted December 20, 2021 ESET Moderators Share Posted December 20, 2021 Hello @RichardW, the latest Apache HTTP Proxy offered by ESET is 2.4.51.0 https://www.eset.com/int/business/download/eset-protect/#standalone and it should use OpenSSL 1.1.1l so would recommend to upgrade to it and run the test again... Regards, Peter Link to comment Share on other sites More sharing options...
Recommended Posts