RichardW 3 Posted December 17, 2021 Posted December 17, 2021 Hi, I currently have a setup involving Eset Protect Server and Apache Proxy This is located on a PCI Compliant system so as part of it I need to run Nessus scans every so often I've updated to the latest Eset versions recently but there seems to be a single High Vulnerability showing on the Nessus Reports associated with Apache Proxy OpenSSL 1.1.1 < 1.1.1l Vulnerabilityhttps://www.tenable.com/plugins/nessus/152782 Port 3128 Banner : Apache/2.4.46 (Win64) OpenSSL/1.1.1i-dev Reported version : 1.1.1i Fixed version : 1.1.1l Other Links:https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46https://www.openssl.org/news/secadv/20210824.txt Can I ask is this something I need to worry about?, will it be addressed in a future Eset Protect update? It looks like a similar query was raised here back in Septemberhttps://forum.eset.com/topic/29836-nessus-reports-critical-openssl-vulnerability-on-eset-protect-server/ Although I don't think an update to Apache Proxy has been rolled out as part of the latest Eset Protect Version 9 Many Thanks Richard
ESET Moderators Peter Randziak 1,181 Posted December 20, 2021 ESET Moderators Posted December 20, 2021 Hello @RichardW, the latest Apache HTTP Proxy offered by ESET is 2.4.51.0 https://www.eset.com/int/business/download/eset-protect/#standalone and it should use OpenSSL 1.1.1l so would recommend to upgrade to it and run the test again... Regards, Peter
Recommended Posts