
OpenSSL vulnerabilities within Apache 2.4.53


Sherry Tha

May 12, 2022, 11:51:09
Our security team have notified me of a vulnerability scan detected that is pretty high. The vulnerability (CVE-2022-1292) score is listed as 10.0 (critical) and was detected based on the presence of OpenSSL with a version prior to 1.1.1o running on port 443 on the server. I was able to verify that it is the Apache service that is utilizing that vulnerable version of OpenSSL on port 443. This Apache HTTP Server 2.4 comes with a limited OpenSSL distribution which is at version OpenSSL 1.1.1n.
According to the NVD record for CVE-2022-1292, this c_rehash script/command issue is fixed in OpenSSL 1.1.1o (affected 1.1.1-1.1.1n) and we are only on OpenSSL 1.1.1n. How would I go about fixing this vulnerability? Do I wait for a new Apache to be released to fix it, or is there a way to upgrade to a higher OpenSSL? I'm not all that slick with security yet. Please advise.