A security scan detected some vulnerabilities in Sysload Monitor 6.00HF2, which contains PHP 7.4.1 and Apache 2.4.41.
We would need to fix these vulnerabilities by upgrading PHP and Apache, and also fix the following "HTTP TRACE ALLOWED Vulnerability Detected" finding:
"The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections."
CVE-2010-0386, CVE-2004-2320, CVE-2003-1567
How can we address these vulnerabilities?
Release : 6.00HF2
Component : Sysload Monitor
Outdated Third-party Apache Web Server and PHP versions containing some vulnerabilities
These vulnerabilities will be fixed in a later patch of Sysload Monitor that will contain:
Upgraded Apache version (from 2.4.41 to 2.4.48)
Upgraded PHP version (from 7.4.1 to 7.4.19)
Fix for HTTP TRACE ALLOWED Vulnerability Detected (line TraceEnable Off)
To fix the "HTTP TRACE ALLOWED Vulnerability" in the meantime, add the following line to the httpd.conf file (by default, C:\Program Files (x86)\sysload\spmonitor\spmhttpd\conf\httpd.conf):
TraceEnable Off
Then restart the service Sysload SP Monitor Web Server.
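
The steps above, plus a check that the scanner finding is actually gone, as one PowerShell procedure. This is an added example, not Sysload's own tooling: the URL is an assumption (adjust host and port to where the Monitor web server listens) and the two function names are hypothetical helpers. With TraceEnable Off, Apache answers a TRACE request with 405 Method Not Allowed.

```powershell
# Added example. $Conf and the service display name come from the article;
# $Url is an assumption: point it at the address the Monitor web server listens on.
$Conf = 'C:\Program Files (x86)\sysload\spmonitor\spmhttpd\conf\httpd.conf'
$Url  = 'http://localhost/'

function Set-TraceEnableOff {
    # Returns the config lines with exactly one active directive: TraceEnable Off.
    param([string[]]$Lines)
    # Drop active TraceEnable lines (commented ones start with '#' and are kept).
    $kept = @($Lines | Where-Object { $_ -notmatch '^\s*TraceEnable\b' })
    $kept + 'TraceEnable Off'
}

function Get-TraceStatus {
    # Sends an HTTP TRACE request and returns the numeric status code.
    param([string]$Uri)
    try {
        [int](Invoke-WebRequest -Uri $Uri -Method Trace -UseBasicParsing).StatusCode
    } catch {
        # 4xx/5xx answers surface as exceptions that carry the response.
        if (-not $_.Exception.Response) { throw }   # no HTTP answer at all
        [int]$_.Exception.Response.StatusCode
    }
}

# Run from an elevated prompt. Keep one backup of the untouched file.
if (-not (Test-Path -LiteralPath "$Conf.bak")) {
    Copy-Item -LiteralPath $Conf -Destination "$Conf.bak"
}
$lines = Get-Content -LiteralPath $Conf
Set-TraceEnableOff -Lines $lines | Set-Content -LiteralPath $Conf

Restart-Service -DisplayName 'Sysload SP Monitor Web Server'
Start-Sleep -Seconds 5   # give httpd time to bind its port

$status = Get-TraceStatus -Uri $Url
if ($status -eq 405) {
    "TRACE is disabled (HTTP 405)."
} else {
    Write-Warning "TRACE returned HTTP $status; check that httpd loaded the edited httpd.conf."
}
```

Running the script a second time leaves the file unchanged apart from the position of the directive, so it is safe to reuse after a patch or reinstall replaces httpd.conf.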