vulnerability scanning ...
vulnerability scanning ...
The IT Department had made a vulnerability scanning on NagiosXI host and found a lot of vulnerability, how to fix that?
You do not have the required permissions to view the files attached to this post.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: vulnerability scanning ...
This scan had to be done with software that just simply determines that php < 5.6 is vulnerable or a certain version of Apache is vulnerable, which isn't really the case, all these CVE's have been backported and if the php version on your system is up to date and you are running an OS that isn't EOL you should be fine.
These CVE's are not Nagios specific, just OS/php/httpd specific.
An update will get the patched version but your scanner likely will still report the same thing
More information available in this post
https://support.nagios.com/forum/viewto ... 16&t=54017
These CVE's are not Nagios specific, just OS/php/httpd specific.
An update will get the patched version but your scanner likely will still report the same thing
Code: Select all
yum updatehttps://support.nagios.com/forum/viewto ... 16&t=54017