search cancel

CA APM TIM HTTPD

book

Article ID: 188543

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

Apache Vulnerability Identified in the APM TIM , httpd related vulnerability in TIM installed server. 

Plugin ID CVE CVSS Risk Host         Scope Os        Protocol Port Name

101385 CVE-2016-8743 5 Medium 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:1721)

102535 CVE-2017-3167 7.5 High 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2478)

102535 CVE-2017-3169 7.5 High 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2478)

102535 CVE-2017-7679 7.5 High 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2478)

102535 CVE-2017-9788 7.5 High 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2478)

104006 CVE-2017-12171 6.4 Medium 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)

104006 CVE-2017-9798 6.4 Medium 172.18.101.149 GSDC Servers_LN LN tcp 0 RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)


 

 

 

 

Environment

APM 10.x and Later
TIM 10.5

Resolution

If customer is  using any TIM version starting from 10.1, customer can go ahead and upgrade the required httpd, httpd-tool and mod-ssl package to the latest version, because TIM is independent of the httpd version now. It can work with any latest httpd version.