Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
1
Replies

LMS 2.6 Apache 1.3 HTTP Server Expect Header Cross-Site Scripting Vulnerability

santipongv
Level 1
Level 1

‎01-19-2010 06:17 AM

I received a security scanned report on CiscoWorks server.  The finding was in regards to Apache 1.3 HTTP Server Expect Header Cross-Site Scripting Vulnerability.  I checked Apache version on my CiscoWorks server from Common Services > Software Center > Software Update.  From Software Update Page - Products Installed section - CiscoWorks Common Services.  From this last page, Apache package installed version is 2.0.4.  Where and how can I verify Apache version (if any)?  Is it possible to upgrade Apache to a newer version?  If so, what are the procedures and expected downtime?  Thank you in advance.

Labels:
0 Helpful
1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

‎01-23-2010 08:49 AM

You cannot upgrade Apache using a distribution from apache.org.  However, we do periodically release updates to the LMS Apache.  Make sure you have the patch cwcs30-win-CSCtc38080.zip installed (from http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.0.0&mdfid=278788769&sftType=CiscoWorks+Common+Services+Patches&optPlat=Windows&nodecount=8&edesignator=null&modelName=CiscoWorks+Common+Services+Software+3.0&treeMdfId=268439477&modifmd... ).

0 Helpful
Customers Also Viewed These Support Documents