Sophos Update Cache and Message Relay - Multiple security vulnerabilities

Question

Our network runs Sophos Endpoint clients using an Update Cache and Message Relay server. We've recently run a security audit and discovered the Update Cache server has multiple security vulnerabilities. 
 The Sophos Update Cache security vulnerabilities include: 
 
 Apache 2.4.37, which has a dozen or so vulnerabilities, rating from important to moderate to low. 
 HTTP TRACE/TRACK method enabled - this is for debugging purposes and considered a security risk in a production environment. 
 
 Is there documentation from Sophos on how to mitigate these vulnerabilities, or plans to release an update with them corrected? 
 References 
 Apache HTTP Server 2.4 vulnerabilities 
 https://httpd.apache.org/security/vulnerabilities_24.html 
 Apache Cross-Site Tracing issues 
 http://www.apacheweek.com/issues/03-01-24

FormerMember · Accepted Answer

Hi AustinWarren 
 Please review our advisory on the Apache vulnerabilitie s and let us know if you have any further questions. 
 Regards,