Overview
Vulnerabilities are discovered from time to time in the Apache server software by security reporting agencies. LanGuard or other security scanners such as Nessus will sometimes return an error message that vulnerabilities exist within the system. This usually happens when the LanGuard Apache web server is not updated to the latest version.
This article provides more information on the Apache server's purpose and update schedules in LanGuard products.
Environment
- GFI LanGuard 2012 and later (all builds)
- All supported environments
Information
- Apache Server is used within the GFI LanGuard product for communicating scan results between the server and the agents. New versions of the Apache server may be released midstream of the current release of the LanGuard product. When this occurs, GFI Development investigates and tests the new version of the server to verify that there is no functionality lost in newer releases. As soon as the new server version is confirmed, it is immediately released.
- The GFI Development Team tests and upgrades the Apache server version during each release. These are released normally every six months.
- The periodic update of the Apache server is done automatically via the Program Updates module. The Development Team uses this method as needed to address security vulnerabilities in Apache.
Our version of Apache does not use all the modules within Apache (such as SSL). Therefore, some known Apache vulnerabilities may not apply to our version. These updates require extensive testing to make sure they do not affect GFI LanGuard capabilities.
Due to this, some elements of the server may be outdated then reflect on certain vulnerabilities.
Due to this, some elements of the server may be outdated then reflect on certain vulnerabilities.
Priyanka Bhotika
Comments