Jump to content

Nessus reports High Vulnerability OpenSSL 1.1.1 < 1.1.1l


Recommended Posts

Hi,
I currently have a setup involving Eset Protect Server and Apache Proxy
This is located on a PCI Compliant system so as part of it I need to run Nessus scans every so often
I've updated to the latest Eset versions recently
but there seems to be a single High Vulnerability showing on the Nessus Reports associated with Apache Proxy

OpenSSL 1.1.1 < 1.1.1l Vulnerability
https://www.tenable.com/plugins/nessus/152782

Port 3128
Banner           : Apache/2.4.46 (Win64) OpenSSL/1.1.1i-dev
Reported version : 1.1.1i
Fixed version    : 1.1.1l

Other Links:
https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://www.openssl.org/news/secadv/20210824.txt

Can I ask is this something I need to worry about?, will it be addressed in a future Eset Protect update?
It looks like a similar query was raised here back in September
https://forum.eset.com/topic/29836-nessus-reports-critical-openssl-vulnerability-on-eset-protect-server/
Although I don't think an update to Apache Proxy has been rolled out as part of the latest Eset Protect Version 9

Many Thanks
Richard

Link to comment
Share on other sites

  • ESET Moderators

Hello @RichardW,

the latest Apache HTTP Proxy offered by ESET is 2.4.51.0 https://www.eset.com/int/business/download/eset-protect/#standalone and it should use OpenSSL 1.1.1l

so would recommend to upgrade to it and run the test again...

Regards, Peter

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...