Spiceworks 7.5.00107 Apache vulnerability

spiceuser-6qpog · 2020-10-21T12:03:31.000Z

We have a new vulnerability scanner which has detected vulnerabilities (CVE-2020-1934,CVE-2020-1927) in Spiceworks’ Apache installation which it says needs to be updated past version 2.4.42.

It states these vulnerabilities in Apache were published on 04/02/20.
Is there a timeframe for Spiceworks to be updated to patch these vulnerabiities?
Thanks in advance

ranhalt · 2020-10-21T12:32:40.000Z

Uh, never dude. Spiceworks for Windows has been abandoned, er, deprecated. It’s been replaced by an OVA appliance called Spiceworks HDS, and that is being actively developed. Been out for a year.

https://community.spiceworks.com/support/help-desk-server/docs/setup

New Spiceworks Help Desk Server OVA download Spiceworks Support

Hey SpiceHeads, As some of you have found, we have released an installable version of the (new) https://www.spiceworks.com/download/help-desk/ Spiceworks Help Desk Server . This is not a new version of 7.5 but instead an updated release of the common codebase we talked about last year at SpiceWorld. As you may have guessed by the file extension, this is a virtual appliance unlike the older version which was a Windows executable. We will definitely be talking about this at SpiceWorld (which is …

Sean-Spiceworks · 2020-10-21T13:23:51.000Z

Hi all, we’re already chatting about this internally but wanted to tag @spiceworks-support-team so they can go through our process on this.

spiceuser-6qpog · 2020-10-21T14:27:56.000Z

Aha - slightly late to the party it seems! Thanks @ranhalt and @sean-spiceworks .

Is there a Hyper-V alternative to the .ova?

Brendan-Spiceworks · 2020-10-21T15:41:12.000Z

There is not yet a hyper-v alternative as far as it being pre-packaged - however, you could create an Ubuntu instance in Hyper-V and then install the help desk using the scripted option:

https://community.spiceworks.com/support/help-desk-server/docs/deb-install