06-14-2022 07:18 PM
We want to check currently our Cisco Prime running on Apache 2.4.50 (there is some Multiple Vulnerabilities) and want to know if there Apache version 2.4.53 or later.
Please do provide us the work around on this as well
06-14-2022 07:56 PM
Hi
According to this Bug ID CSCwa45652 , Prime 3.10 is affected by Apache vulnerabilite and there´s no workaround or fixed release.
Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability
10-03-2022 11:07 AM
How soon can we expect a fix for this issue? Is there a golden image for Prime Infra that we can use while we wait for this issue to be fixed?
01-19-2023 06:21 AM
Anyone know when this will be fixed?
03-13-2023 06:47 AM
Anyone know if version Apache 2.4.53 is used in Prime 3.10.3?
03-13-2023 07:21 AM
Hi,
Prime 3.10.3 has Apache version : 2.4.54. However now latest release of Apache is 2.4.56
04-10-2023 11:22 AM
Is there an ETA for when a patch will be released to update Apache to <2.4.56, there are multiple critical vulnerabilities with the version in 3.10.3?
04-10-2023 05:11 PM
You should reach out to your Cisco SE. Since Prime has now been EOL, release dates might change.
04-10-2023 05:15 PM
It shouldn't change anything right now.
End of life of normal maintenance is September 2024. End of life of vulnerabilities (which is what this is) is September 2025, more than 2 years away.
04-10-2023 05:23 PM
That is why you should reach out to your rep. It's the only way to see when they plan or if they plan on fixing that. Or just open a TAC case and ask.
06-12-2023 02:37 AM
Apparently there is patch 3.10.4 to fix the Apache vulnerability on its way, although still not sure when that will be. Logged a couple of TAC cases with Cisco and it was tentatively scheduled for the 2nd week of May, and then got told the release date for this fix would be within a day of around 1st-2nd June under the second raised TAC.
07-17-2023 10:20 PM
Just checked and the version 3.10.4 is available for me now. From what I can see a lot of caveats around apache are fixed. But I cannot find anything related about CSCwa45652. Did anybody install this version and know if this security issue is fixed? Any problems noticed when upgrading to this version?
09-12-2023 03:21 AM
I can confirm problem is fixed for us using version 3.10.4.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide