Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Help with Nagios® Core™ 4.4.9 Vulnerabilities

https://support.nagios.com/forum/viewtopic.php?t=75487

Page 1 of 1

Help with Nagios® Core™ 4.4.9 Vulnerabilities

Posted: Wed Jul 17, 2024 4:22 pm
by MxR57
We are running Nagios® Core™ 4.4.9, on Red Hat Enterprise Linux Server release 7.9. We get the following 4 vulnerabilities:

- OpenSSL vulnerability (CVE-2022-2068)
- OpenSSL vulnerability (CVE-2022-1292)
- Apache HTTPD: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
- Apache HTTPD: mod_sed: Read/write beyond bounds (CVE-2022-23943)

OpenSSL (1.0.2k-fips) and HTTPD (Apache/2.4.6) were installed on behalf of Nagios core. How do we go remedying these 4 vulnerabilities?

Thanks in advance for any help you can provide.

Re: Help with Nagios® Core™ 4.4.9 Vulnerabilities

Posted: Thu Jul 18, 2024 9:22 am
by gwesterman
Hi @MxR57,

Another forum user recently asked almost the same question here. It looks like you will need to update your Apache and OpenSSL versions as your current versions are vulnerable to these issues. However, RHEL 7 is no longer supported so updating those packages might not be trivial, and you are likely to continue running into security challenges going forward. I recommended moving to RHEL 8 or 9.

Let us know if you have any additional questions.

Thank you!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited