cancel
Showing results for 
Search instead for 
Did you mean: 
kmr
Level 7
Report Inappropriate Content
Message 1 of 5

Apache 2.0.58 in EPO 4 patch 5: security issue?

Greetings,

One of our network security scanning tools is complaining about a vulnerable file as part of our EPO installation. Here's the path to the file:

C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\bin\Apache.exe

According to the version information, this is Apache 2.0.58, which is an older version and does have some security issues.

Questions:

1) Is this the version of the file that's supposed to be there with EPO4 patch 5, or did something not get upgraded when I applied the latest patch?

2) Is this really a problem, or is the Apache service in EPO configured in such a way as to mitigate the vulnerability?

Normally on a linux server I'd just update Apache and be done with it, but since this instance is installed as part of EPO I'm not so sure I can just drop in a new Apache binary. I'm guessing that might cause problems!

Any information would be greatly appreciated. Thanks!

Kevin
4 Replies

RE: Apache 2.0.58 in EPO 4 patch 5: security issue?

That's strange the apache.exe version should be 2.2.9, that's the one I have in my ePO 4.5

Is your ePO 4.5 the RTW version or is it an RC?
kmr
Level 7
Report Inappropriate Content
Message 3 of 5

RE: Apache 2.0.58 in EPO 4 patch 5: security issue?



Mine is EPO 4.0 patch 5, not EPO 4.5. It's build 1298.

Kevin

RE: Apache 2.0.58 in EPO 4 patch 5: security issue?

Sorry you are right, I read it too fast and made the mistake.

With ePO 4.0p5 the apache version used is the same as yours, 2.0.58.200
tonyb99
Level 13
Report Inappropriate Content
Message 5 of 5

RE: Apache 2.0.58 in EPO 4 patch 5: security issue?

I think I remember some trying to update the standard apache version, I dont think it worked out for him though