cisco works LMS 4.0 ,Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

Prasanna Damodaran · ‎12-23-2011

Cisco works LMS 4.0 ,Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

This vulnerability has been fixed in release apache 2.2.20 and further corrected
in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
legacy 2.0.65 release,

Can any one give the steps to upgrade the apache http server 2.2.10 to 2.2.21 in windows 2008 server?

Nael Mohammad · ‎12-24-2011

For the following PSIRT:

http://www.cisco.com/en/US/products/csa/cisco-sa-20110830-apache.html

Download the following patch "lms40-win-Oct2011-su1-0.zip" :

http://www.cisco.com/cisco/software/release.html?mdfid=283434800&flowid=19062&softwareid=280775103&os=Windows&release=4.0&relind=AVAILABLE&rellifecycle=&reltype=latest

The instructions should be in the zip file how to install the patch.

This should cover all theses bugs that you can query in the bug tool kit:

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

CSCte45565

CSCto12712

CSCto23584

CSCto23622

CSCto35544

CSCto35577

CSCtq48990

Marvin Rhoads · ‎12-24-2011

Nael, while the 4.1 upgrade can be downlaoded from the link you cited, I'm pretty sure a customer is required to have current Smartnet support on their LMS product to be able to obtain a new Product Activation Key (PAK) and license file.

A new license is required for 4.0 to 4.1 migration. The license file that is used on one's LMS 4.0 (or 4.0.1) will not work with LMS 4.1.

Nael Mohammad · ‎12-24-2011

Here is the correct info as the previous stated, it depends on your smartnet contract.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/install/guide/prep.html#wp1358349

Thanks for the update.