We're running a vulnerability scan (Nessus) against the CA Access
Gateway (SPS) and we've discovered the following vulnerability :
Apache HTTP Server 2.4 vulnerabilities
Source : Server: Apache/2.4.4 (Unix) mod_jk/1.2.37
Installed version : 2.4.4
Fixed version : 2.4.41
The Nessus tool mentioned that :
Note that Nessus has not tested for this issue but has instead
relied only on the application's self-reported version number.
How can we fix it ?
Release : 12.6
Component : SITEMINDER -WEB AGENT FOR APACHE
The nessus tools has reported the following vulnerabilities, and I've
put the module affected.
From the output of the module in use in apache, none of those modules
are in usage.
[[email protected] bin]# ./apachectl -M
So said, the SPS you run is not vulnerable and you have to upgrade it
only to get a supported version.