Vulnerabilities Apache ciscoworks LMS2.5

Unanswered Question
Jan 26th, 2009
User Badges:

Hi to all,


The security department of my customer site ran a Vulnerability test on the LMS server and they found this:


Level High

Apache Speculative Mode Denial Of Service

Apache mod_ssl Plain HTTP Request DoS


Level Medium

Apache 1.3.x Multiple Vulnerabilities

Apache Environment Variable Conf File Buffer Overflow

CHARGEN service (Simple TCP Services on Windows) - REMOTE

Apache mod_alias and mod_rewrite Buffer Overflow


Is there a patch or a procedure that I can perform in order to fix this vulnerabilities???


Thanks in advance for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 01/26/2009 - 09:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You'll need to upgrade to LMS 2.6 SP1 first. Once there, you will be eligible for the upcoming Apache 1.3.41 update (fix for CSCsx09107). LMS 2.6 can be downloaded from http://www.cisco.com/cgi-bin/tablebuild.pl/lms26 , and the SP1 components can be downloaded from within Common Services > Software Center > Software Update.

Actions

This Discussion