4 Replies Latest reply on Sep 4, 2009 8:35 AM by tonyb99

    Apache 2.0.58 in EPO 4 patch 5: security issue?

      Greetings,

      One of our network security scanning tools is complaining about a vulnerable file as part of our EPO installation. Here's the path to the file:

      C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\bin\Apache.exe

      According to the version information, this is Apache 2.0.58, which is an older version and does have some security issues.

      Questions:

      1) Is this the version of the file that's supposed to be there with EPO4 patch 5, or did something not get upgraded when I applied the latest patch?

      2) Is this really a problem, or is the Apache service in EPO configured in such a way as to mitigate the vulnerability?

      Normally on a linux server I'd just update Apache and be done with it, but since this instance is installed as part of EPO I'm not so sure I can just drop in a new Apache binary. I'm guessing that might cause problems!

      Any information would be greatly appreciated. Thanks!

      Kevin