Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Vulnerabilities Apache ciscoworks LMS2.5

Hi to all,

The security department of my customer site ran a Vulnerability test on the LMS server and they found this:

Level High

Apache Speculative Mode Denial Of Service

Apache mod_ssl Plain HTTP Request DoS

Level Medium

Apache 1.3.x Multiple Vulnerabilities

Apache Environment Variable Conf File Buffer Overflow

CHARGEN service (Simple TCP Services on Windows) - REMOTE

Apache mod_alias and mod_rewrite Buffer Overflow

Is there a patch or a procedure that I can perform in order to fix this vulnerabilities???

Thanks in advance for your help.

1 REPLY
Cisco Employee

Re: Vulnerabilities Apache ciscoworks LMS2.5

You'll need to upgrade to LMS 2.6 SP1 first. Once there, you will be eligible for the upcoming Apache 1.3.41 update (fix for CSCsx09107). LMS 2.6 can be downloaded from http://www.cisco.com/cgi-bin/tablebuild.pl/lms26 , and the SP1 components can be downloaded from within Common Services > Software Center > Software Update.

265
Views
0
Helpful
1
Replies