
Cisco Prime Infrastructure Version 3.10 Apache version 2.4.53 or later

We want to check: our Cisco Prime is currently running on Apache 2.4.50 (there are multiple vulnerabilities), and we want to know if there is Apache version 2.4.53 or later.

Please also provide us with a workaround for this.

12 Replies

Hi

 

According to this Bug ID CSCwa45652, Prime 3.10 is affected by the Apache vulnerability and there's no workaround or fixed release.

 

 

 

Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability


 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa45652 

Ani T
Level 1

How soon can we expect a fix for this issue? Is there a golden image for Prime Infra that we can use while we wait for this issue to be fixed?

Anyone know when this will be fixed?

Mkvts
Level 1

Anyone know if version Apache 2.4.53 is used in Prime 3.10.3?

Hi,

Prime 3.10.3 has Apache version 2.4.54. However, the latest release of Apache is now 2.4.56.

hemmerling
Level 1

Is there an ETA for when a patch will be released to update Apache to <2.4.56? There are multiple critical vulnerabilities with the version in 3.10.3.

 

You should reach out to your Cisco SE.  Since Prime has now been EOL, release dates might change.

-Scott
*** Please rate helpful posts ***

It shouldn't change anything right now.

End of life of normal maintenance is September 2024. End of life of vulnerabilities (which is what this is) is September 2025, more than 2 years away.

That is why you should reach out to your rep.  It's the only way to see when they plan or if they plan on fixing that.  Or just open a TAC case and ask.

-Scott

alexhunter
Level 1

Apparently there is patch 3.10.4 to fix the Apache vulnerability on its way, although still not sure when that will be. Logged a couple of TAC cases with Cisco and it was tentatively scheduled for the 2nd week of May, and then got told the release date for this fix would be within a day of around 1st-2nd June under the second raised TAC.

Mkvts
Level 1

Just checked and the version 3.10.4 is available for me now. From what I can see, a lot of caveats around Apache are fixed. But I cannot find anything related to CSCwa45652. Did anybody install this version and know if this security issue is fixed? Any problems noticed when upgrading to this version?

 

Mkvts
Level 1

I can confirm the problem is fixed for us using version 3.10.4.
