4 Replies Latest reply on Sep 4, 2009 8:35 AM by tonyb99

    Apache 2.0.58 in EPO 4 patch 5: security issue?


      One of our network security scanning tools is complaining about a vulnerable file as part of our EPO installation. Here's the path to the file:

      C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\bin\Apache.exe

      According to the version information, this is Apache 2.0.58, which is an older version and does have some security issues.


      1) Is this the version of the file that's supposed to be there with EPO4 patch 5, or did something not get upgraded when I applied the latest patch?

      2) Is this really a problem, or is the Apache service in EPO configured in such a way as to mitigate the vulnerability?

      Normally on a linux server I'd just update Apache and be done with it, but since this instance is installed as part of EPO I'm not so sure I can just drop in a new Apache binary. I'm guessing that might cause problems!

      Any information would be greatly appreciated. Thanks!