Update Apache

davidgpaul · 2017-11-13T20:04:39.000Z

Hi, currently running version 7.5.00101 of Spiceworks and got dinged on a vulnerability scan saying Apache is out of date. The version Spiceworks is running is 2.2.31. I notice there have not been any updates to Spiceworks in many months, but is there something in the works for an update or how do we go about updating this? Thanks

Rod-IT · 2017-11-13T20:06:06.000Z

V8 will be the next major update, though I did hear a minor update to 7.5 might get rereleased to fix this issue, if it does not V8 is your only option and that is still in BETA.

Rod-IT · 2017-11-13T20:07:12.000Z

If your SW is internal only the risk is less, if it is public facing, put it behind a reverse proxy to remove this vulnerability from view

davidgpaul · 2017-11-13T20:25:20.000Z

Thanks for the info. It is internal only

dbeato · 2017-11-13T20:55:12.000Z

Yeah, the Apache internal to Spiceworks cannot be upgraded manually, as per Matt S (Spiceworks) it has been recommended to not open it externally until the next release.

@matts

jackie · 2017-11-14T16:36:43.000Z

We do have a few other threads on this topic:

Spiceworks V7.5.00101 Upgrade of apache from 2.2.31 to version 2.2.34 or later Spiceworks Support

Hi , Running Spiceworks 7.5.00101, but our vulnerability scanner is reporting that Spiceworks apache version is V2.2.31, and is affected by numerous CVE’s, and should be upgraded to Apache > 2.2.34 (CVE: CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788) Are there plane to upgrade Spiceworks to resolve these issues. Thanks

Apache Vulnerability 2.2.31 Spiceworks Support

Hi, we were running an internal pent test for PCI and Apache is showing out of date on the spicworks server CVE-2017-7679, CVE-2017-3169, CVE-2017-3167 The advice is to upgrade to Apache HTTP Server 2.2.33 or 2.4.26 , does anyone know if we can manually upgrade Apache or do we need to wait for Spicworks to release an update? Thanks

Apache vulnerability with Nessus Spiceworks Support

I’ve updated our Spiceworks install to the latest version. Nessus is saying that the version of Apache we have, which is only b/c it was included in Spiceworks, needs to be updated. How do I update Apache if I’m already at the latest version of Spiceworks, but the version of Apache is still old. It’s at 2.2.31, and needs to be at 2.2.34 or higher according to Nessus.