Thread Info
  • State Verified Answer
  • Replies 3 replies
  • Subscribers 11 subscribers
  • Views 7650 views
  • Users 0 members are here
Options
Suggested

Update 'Update Cache/Message Relay'

MichaelWeremecki

Greetings,

I am trying to find out how to update the Message Relay application for our 2019 Windows server.  The version of httpd.exe is apache 2.5.3 which appears on our Nessus Vulnerability reports.  Sophos has released a kb documenting why their system is not vulnerable to the CVE posted.

However according this Sophos article https://support.sophos.com/support/s/article/KB-000038269?language=en_US 

"The Message Relay feature is using the latest version of Apache 2.4.54 in Message Relay v1.7.0.108. This is released as part of Server Core Agent 2022.3.0.84.

Note: Version 2022.3.0.84 wasn't released to all customers and has been replaced by version 2022.4.0.6, which is currently being released.

I've removed the Message Cache from my server via Sophos Central then later that day redeployed Update Cache/Message Relay however it is still installing the older version.  How do I obtain the newer server core agent to update my server?  

Thanks



Added TAGs
[edited by: Gladys at 2:09 PM (GMT -8) on 16 Jan 2023]
Parents
  • 0

    I am checking out our latest vulnerability report and this is what it has to say:  

    "Vulnerability: Apache HTTP Server < 2.4.59 Multiple Vulnerabilities - Windows
    Severity: High
    Apache HTTP Server is prone to multiple vulnerabilities.
    The following vulnerabilities exist: - CVE-2023-38709: HTTP response splitting -
    CVE-2024-24795: HTTP response splitting in multiple modules - CVE-2024-27316:
    HTTP/2 DoS by memory exhaustion on endless continuation frames
    Affected: Apache HTTP Server version 2.4.58 and prior.
    Description:
    Remediation: Update to version 2.4.59 or later."

    Vulnerability: Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Windows
    Severity: High
    Apache HTTP Server is prone to multiple vulnerabilities.
    The following flaws exist: - CVE-2024-36387: Denial of Service (DoS) by Null pointer
    in websocket over HTTP/2 - CVE-2024-38472: Windows UNC Server-Side Request
    Forgery (SSRF) - CVE-2024-38473: Proxy encoding problem - CVE-2024-38474:
    Weakness with encoded question marks in backreferences - CVE-2024-38475:
    Weakness in mod_rewrite when first segment of substitution matches filesystem
    path - CVE-2024-38476: May use exploitable/malicious backend application output to
    run local handlers via internal redirect - CVE-2024-38477: Crash resulting in DoS in
    mod_proxy via a malicious request - CVE-2024-39573: mod_rewrite proxy handler
    substitution
    Affected: Apache HTTP Server version 2.4.59 and prior.
    Description:
    Remediation: Update to version 2.4.60 or later."

    Is the release available yet?

    Will Windows Cache servers update themselves with the new release?

    Will Sophos automatically notify customers of the release when it is available?

    Thanks

Reply
  • 0

    I am checking out our latest vulnerability report and this is what it has to say:  

    "Vulnerability: Apache HTTP Server < 2.4.59 Multiple Vulnerabilities - Windows
    Severity: High
    Apache HTTP Server is prone to multiple vulnerabilities.
    The following vulnerabilities exist: - CVE-2023-38709: HTTP response splitting -
    CVE-2024-24795: HTTP response splitting in multiple modules - CVE-2024-27316:
    HTTP/2 DoS by memory exhaustion on endless continuation frames
    Affected: Apache HTTP Server version 2.4.58 and prior.
    Description:
    Remediation: Update to version 2.4.59 or later."

    Vulnerability: Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Windows
    Severity: High
    Apache HTTP Server is prone to multiple vulnerabilities.
    The following flaws exist: - CVE-2024-36387: Denial of Service (DoS) by Null pointer
    in websocket over HTTP/2 - CVE-2024-38472: Windows UNC Server-Side Request
    Forgery (SSRF) - CVE-2024-38473: Proxy encoding problem - CVE-2024-38474:
    Weakness with encoded question marks in backreferences - CVE-2024-38475:
    Weakness in mod_rewrite when first segment of substitution matches filesystem
    path - CVE-2024-38476: May use exploitable/malicious backend application output to
    run local handlers via internal redirect - CVE-2024-38477: Crash resulting in DoS in
    mod_proxy via a malicious request - CVE-2024-39573: mod_rewrite proxy handler
    substitution
    Affected: Apache HTTP Server version 2.4.59 and prior.
    Description:
    Remediation: Update to version 2.4.60 or later."

    Is the release available yet?

    Will Windows Cache servers update themselves with the new release?

    Will Sophos automatically notify customers of the release when it is available?

    Thanks

Children
No Data
Unfiltered HTML