
OpenSSL vulnerabilities within Apache 2.4.53

Sherry Tha

May 12, 2022, 11:51:09 AM
Our security team has notified me of a vulnerability a scan detected that is pretty high. The vulnerability (CVE-2022-1292) score is listed as 10.0 (critical) and was detected based on the presence of OpenSSL with a version prior to 1.1.1o running on port 443 on the server. I was able to verify that it is the Apache service that is utilizing that vulnerable version of OpenSSL on port 443. This Apache HTTP Server 2.4 comes with a limited OpenSSL distribution which is at version OpenSSL 1.1.1n.
According to the NVD record for CVE-2022-1292, this c_rehash script/command issue is fixed in OpenSSL 1.1.1o (affected: 1.1.1-1.1.1n) and we are only on OpenSSL 1.1.1n. How would I go about fixing this vulnerability? Do I wait for a new Apache to be released to fix it, or is there a way to upgrade to a higher OpenSSL? I'm not all that slick with security yet. Please advise.
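
The version-based check the scan in this post relies on can be reproduced to confirm a finding before and after an upgrade. This is an added example, not part of the original post: the function names and sample banner strings are constructed, and only the 1.1.1 branch is classified because that is the only fixed version the post gives.

```python
import re

# Fixed release for the 1.1.1 branch, as stated in the post
# (affected: 1.1.1 through 1.1.1n, fixed in 1.1.1o).
FIXED_111 = "1.1.1o"

# Matches both an HTTP Server banner token ("OpenSSL/1.1.1n") and the
# first line of `openssl version` output ("OpenSSL 1.1.1n  15 Mar 2022").
_VERSION_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_openssl_version(text):
    """Return (major, minor, patch, letters) or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, letters = m.groups()
    return (int(major), int(minor), int(patch), letters.lower())


def _letter_rank(letters):
    # Pre-3.0 patch letters order as '' < 'a' < ... < 'z' < 'za' < 'zb',
    # so compare by length first, then alphabetically.
    return (len(letters), letters)


def status_for_cve_2022_1292(text):
    """Classify a banner as 'affected', 'fixed' or 'unknown' by version alone."""
    version = parse_openssl_version(text)
    if version is None or version[:3] != (1, 1, 1):
        # No version disclosed, or a branch whose fixed release the post
        # does not state: do not guess.
        return "unknown"
    fixed = parse_openssl_version("OpenSSL " + FIXED_111)
    if _letter_rank(version[3]) < _letter_rank(fixed[3]):
        return "affected"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inputs (not taken from the post).
    samples = [
        "Apache/2.4.53 (Unix) OpenSSL/1.1.1n",
        "OpenSSL 1.1.1o  3 May 2022",
        "Apache/2.4.53",
    ]
    for s in samples:
        print(f"{s!r}: {status_for_cve_2022_1292(s)}")
```

A result of "affected" only means the reported library version falls in the affected range; like the scan, it does not test whether the c_rehash script is present or used on the host.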