Wireless Water Cooler

 View Only
last person joined: yesterday 

Hang out and socialize with other community members in this off topic forum. Everything from industry trends to hobbies and interests are welcomed!
Expand all | Collapse all

WHat version of Apache web server does 6.5.4.20 run?

This thread has been viewed 9 times
  • 1.  WHat version of Apache web server does 6.5.4.20 run?

    Posted Jun 07, 2021 07:05 PM

    Hi,

    I'm trying to mitigate a CVE, and we're told it affects versions of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26. 

    How do I find out what version is running on our proposed 7005 / 7210 controller upgrade - 6.5.4.20?

    Thanks,

    Ambi



    ------------------------------
    Lawrence Brandt
    ------------------------------


  • 2.  RE: WHat version of Apache web server does 6.5.4.20 run?

    MVP EXPERT
    Posted Jun 08, 2021 04:29 AM
    It would not be easy to obtain this information unless Aruba has provided it. Normally, you'd check the Security Advisories which details the affected CVE's and the correct remediation action.

    https://www.arubanetworks.com/en-gb/support-services/security-bulletins/

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: WHat version of Apache web server does 6.5.4.20 run?

    EMPLOYEE
    Posted Jun 08, 2021 06:36 AM
    You should not consider a controller/gateway running Apache. It's a hardened and integrated system, not a server running Apache. For that reason, the versions of the used software components are not relevant and not shared. If vulnerabilities are found in any of the used components you should check and follow the advisories as posted on the Aruba website.

    Even if Apache of a specific version was used in one of the Aruba products, the CVE (which you did not mention) is likely to be out of scope for embedded systems like ArubaOS, or not applicable because of configuration/modules; and a false positive of your security scanner.

    I would advise you to check the current version of ArubaOS running against the advisories posted after the build date for vulnerabilities and plan your upgrades accordingly.

    More information about the security response program is here. Another good document to check is the ArubaOS Hardening Guide, which helps you to further lock down the controller and limit access to any services to only what is needed, further reducing the risk and attack surface.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------