We are running Nagios® Core™ 4.4.9, on Red Hat Enterprise Linux Server release 7.9. We get the following 4 vulnerabilities:
- OpenSSL vulnerability (CVE-2022-2068)
- OpenSSL vulnerability (CVE-2022-1292)
- Apache HTTPD: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
- Apache HTTPD: mod_sed: Read/write beyond bounds (CVE-2022-23943)
OpenSSL (1.0.2k-fips) and HTTPD (Apache/2.4.6) were installed on behalf of Nagios core. How do we go about remedying these 4 vulnerabilities?
Thanks in advance for any help you can provide.
Help with Nagios® Core™ 4.4.9 Vulnerabilities
gwesterman
Re: Help with Nagios® Core™ 4.4.9 Vulnerabilities
Hi @MxR57,
Another forum user recently asked almost the same question here. It looks like you will need to update your Apache and OpenSSL versions as your current versions are vulnerable to these issues. However, RHEL 7 is no longer supported so updating those packages might not be trivial, and you are likely to continue running into security challenges going forward. I recommended moving to RHEL 8 or 9.
Let us know if you have any additional questions.
Thank you!