Sherry Tha
May 12, 2022, 11:51:09
Our security team have notified me that a vulnerability scan detected a vulnerability that is pretty high. The vulnerability (CVE-2022-1292) score is listed as 10.0 (critical) and was detected based on the presence of OpenSSL with a version prior to 1.1.1o running on port 443 on the server. I was able to verify that it is the Apache service that is utilizing that vulnerable version of OpenSSL on port 443. This Apache HTTP Server 2.4 comes with a limited OpenSSL distribution which is at version OpenSSL 1.1.1n.
According to the NVD record for CVE-2022-1292, this c_rehash script/command issue is fixed in OpenSSL 1.1.1o (affected 1.1.1-1.1.1n) and we are only on OpenSSL 1.1.1n. How would I go about fixing this vulnerability? Do I wait for a new Apache to be released to fix it, or is there a way to upgrade to a higher OpenSSL? I'm not all that slick with security yet. Please advise.