https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3752977#M984541 <P>Hi,</P> <P><SPAN>Apache Remote Web Server is affected by multiple vulnerabilities on the FXOS Version 2.3(1.73)</SPAN></P> <P><SPAN><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj48872/?rfs=iqvred" target="_self">CSCvj48872</A> it is fixed on the&nbsp; version 2.3(1.88) &amp;&nbsp;2.3(1.82)</SPAN></P> <P>&nbsp;</P> <P><SPAN>Multiple Common Vulnerability and Exposures ID's CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, <BR />CVE-2018-1312</SPAN></P> <P>&nbsp;</P> <P><SPAN>HTH</SPAN></P> <P><SPAN>Abheesh</SPAN></P> Mon, 26 Nov 2018 18:24:39 GMT Abheesh Kumar 2018-11-26T18:24:39Z https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3752938#M984540 <P>Hello!</P> <P>&nbsp;</P> <P>During a vulnerability scan on my FTD 4120, I was provided with the below vulnerability to resolve. Can you tell me if 4120 has enabled the H2 protocol?</P> <P>&nbsp;</P> <P>Vulnerability description:</P> <P>Apache HTTPD: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)<BR />By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol.</P> Fri, 21 Feb 2020 16:30:18 GMT https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3752938#M984540 ChristopherO 2020-02-21T16:30:18Z https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3752977#M984541 <P>Hi,</P> <P><SPAN>Apache Remote Web Server is affected by multiple vulnerabilities on the FXOS Version 2.3(1.73)</SPAN></P> <P><SPAN><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj48872/?rfs=iqvred" target="_self">CSCvj48872</A> it is fixed on the&nbsp; version 2.3(1.88) &amp;&nbsp;2.3(1.82)</SPAN></P> <P>&nbsp;</P> <P><SPAN>Multiple Common Vulnerability and Exposures ID's CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, <BR />CVE-2018-1312</SPAN></P> <P>&nbsp;</P> <P><SPAN>HTH</SPAN></P> <P><SPAN>Abheesh</SPAN></P> Mon, 26 Nov 2018 18:24:39 GMT https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3752977#M984541 Abheesh Kumar 2018-11-26T18:24:39Z https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3753012#M984542 <P>Thanks for the quick response Abheesh,&nbsp;</P> <P>&nbsp;</P> <P>The FXOS version installed is 2.3(1.88) and I plan to upgrade to 2.3(1.56) soon.&nbsp;</P> <P>The Vulnerability has Exposures ID of CVE-2018-11763 listed which i didn't see listed below. If I am running FXOS 2.3(1.88) and the scan still is reporting the vulnerability, what should i do to resolve this, or should it be marked as a false positive?&nbsp;</P> <P>&nbsp;</P> <P>Thanks for your help!</P> <P>Chris</P> <P>&nbsp;</P> Mon, 26 Nov 2018 19:40:21 GMT https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3753012#M984542 ChristopherO 2018-11-26T19:40:21Z https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3753067#M984543 Hi,<BR />Are you planning to downgrade...??? I think its recommended to upgrade to latest version. <BR />As per the bug CSCvj48872, its fixed on the mentioned releases but in your case as per the vulnerability scan its still affected, my suggestion is to open a ticket with cisco for further more verification/analysis.<BR /><BR />HTH<BR />Abheesh Mon, 26 Nov 2018 20:49:50 GMT https://community.cisco.com/t5/network-security/ftd-4120-vulnerability/m-p/3753067#M984543 Abheesh Kumar 2018-11-26T20:49:50Z