Hello,
We have Nagios XI (Nagios XI 2024R1.2.1) on CentOS 9 (appliance from Nagios).
Our cybersecurity guys scanned the vm and detected the following vulnerabilities:
Apache 2.4.x < 2.4.62 Multiple Vulnerabilities
OpenSSL 3.2.0 < 3.2.3 Vulnerability
PHP Unsupported Version Detection
We installed the latest Nagios update. How can we fix those issues?
Thank you
PHP Unsupported / Apache2.4 Vuln.
- jmichaelson
- Posts: 375
- Joined: Wed Aug 23, 2023 1:02 pm
Re: PHP Unsupported / Apache2.4 Vuln.
Since you're using an appliance, I'd recommend taking a snapshot of it in case something goes wrong, and running yum update in a shell.
Please let us know if you have any other questions or concerns.
-Jason
- DoubleDoubleA
- Posts: 273
- Joined: Thu Feb 09, 2017 5:07 pm
Re: PHP Unsupported / Apache2.4 Vuln.
Hi @Nuggel1234,
The longer answer is that those packages you mention are system packages, and not Nagios software. So when you upgrade your XI, you are upgrading the Nagios software, but we don't upgrade your system packages for you, since for many of our customers, they are very specific about system administration and what packages they are running.
As @jmichaelson has mentioned, you can get to the command line and run yum upgrade, and it will update your system packages.
Aaron
- danderson
Re: PHP Unsupported / Apache2.4 Vuln.
Red Hat backports security fixes to older versions of software so that they can maintain backwards compatibility easily. As mentioned above, you can upgrade your packages with yum/dnf, but you may still get warnings from security scanners because of this backporting practice.
Read below for more info
https://access.redhat.com/security/updates/backporting
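An added example, not part of any post in this thread: one way to triage version-based scanner findings after updating is to check whether each reported CVE appears in the installed package's RPM changelog, which is where backported fixes are recorded. The function names are hypothetical, the CVE IDs and changelog text are constructed placeholders, and `httpd` is assumed to be the Apache package name on the appliance.

```shell
#!/bin/sh
# Added example: check scanner-reported CVEs against an RPM changelog.
# All CVE IDs and changelog text here are constructed placeholders.

# changelog_fixes CVE: reads `rpm -q --changelog PKG` text on stdin, prints the
# header of each entry that mentions CVE; exit 0 if any entry does, else 1.
changelog_fixes() {
    awk -v cve="$1" '
        # Literal match that rejects a longer ID sharing the same prefix.
        function mentions(line, id,   i) {
            while ((i = index(line, id)) > 0) {
                line = substr(line, i + length(id))
                if (line !~ /^[0-9]/) return 1
            }
            return 0
        }
        /^\* / { header = $0; next }              # new changelog entry
        header != "" && mentions($0, cve) { print header; header = ""; found = 1 }
        END { exit !found }
    '
}

# triage FILE CVE...: one verdict line per CVE; exit 1 if any needs review.
triage() {
    file=$1; shift; rc=0
    for cve in "$@"; do
        if entry=$(changelog_fixes "$cve" < "$file"); then
            printf '%s BACKPORTED in: %s\n' "$cve" "$(printf '%s\n' "$entry" | head -n 1)"
        else
            printf '%s REVIEW: not mentioned in package changelog\n' "$cve"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample in rpm changelog layout (not output from a real package).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2024 Example Packager <pkg@example.invalid> - 2.4.0-2
- Resolves: example-2 - fix for CVE-0000-00011
- Resolves: example-3 - fix for CVE-0000-0002
* Sun Dec 31 2023 Example Packager <pkg@example.invalid> - 2.4.0-1
- initial build
EOF
}

# On the appliance: rpm -q --changelog httpd > httpd.changelog
tmp=$(mktemp) && sample_changelog > "$tmp"
triage "$tmp" CVE-0000-0002 CVE-0000-0001 || true
rm -f "$tmp"
```

A REVIEW verdict only means the changelog does not name the CVE; confirm those against the vendor's advisory for the package before reporting the finding as open or as a false positive.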