cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

367
Views
0
Helpful
1
Replies
Highlighted
Beginner

LMS 2.6 Apache 1.3 HTTP Server Expect Header Cross-Site Scripting Vulnerability

I received a security scanned report on CiscoWorks server.  The finding was in regards to Apache 1.3 HTTP Server Expect Header Cross-Site Scripting Vulnerability.  I checked Apache version on my CiscoWorks server from Common Services > Software Center > Software Update.  From Software Update Page - Products Installed section - CiscoWorks Common Services.  From this last page, Apache package installed version is 2.0.4.  Where and how can I verify Apache version (if any)?  Is it possible to upgrade Apache to a newer version?  If so, what are the procedures and expected downtime?  Thank you in advance.

1 REPLY 1
Hall of Fame Cisco Employee

Re: LMS 2.6 Apache 1.3 HTTP Server Expect Header Cross-Site Scri

You cannot upgrade Apache using a distribution from apache.org.  However, we do periodically release updates to the LMS Apache.  Make sure you have the patch cwcs30-win-CSCtc38080.zip installed (from http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.0.0&mdfid=278788769&sftType=CiscoWorks+Common+Services+Patches&optPlat=Windows&nodecount=8&edesignator=null&modelName=CiscoWorks+Common+Services+Software+3.0&treeMdfId=268439477&modifmd... ).

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards