05-15-2018 11:27 PM - edited 03-10-2019 01:01 AM
We are having GSS-4492-K9 with Current running version is 3.1(0). We got the below vulnerabilities for the product. Need your suggestions.
OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32) |
Upgrade to the Latest version of OpenSSL. |
Unsupported Web Server Detection |
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another server. |
Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS |
If using NTP from the Network Time Protocol Project, upgrade to NTP version 4.2.7-p26 or later. Alternatively, addc‘disable monitor’ to the ntp.conf configuration file and restart the service. Otherwise, limit access to the affected service to trusted hosts, or contact the vendor for a fix. |
Apache HTTP Server httpOnly Cookie Information Disclosure |
Upgrade to Apache version 2.0.65 / 2.2.22 or later. |
05-16-2018 12:34 AM
05-16-2018 06:24 AM
Although there is newer software for your appliance, it still is "End of software maintenance" since January 2015. I would not expect that you can get rid of vulnerabilities in your audit without dumping the whole system.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide