Sysload Monitor Apache vulnerabilities

Article ID: 230363


Products

CA Automic Sysload

Issue/Introduction

Several vulnerabilities have been discovered in the Apache HTTP Server included in the latest available release of Sysload Monitor:


Vulnerability Information

| CVE | CVSS Base Score | Severity Rating* | Affected Product | Affected Version |
| --- | --- | --- | --- | --- |
| CVE-2021-33193 | 7.5 | Medium | Apache HTTP Server | 2.4.17 to 2.4.48 |
| CVE-2021-34798 | N/A | N/A | Apache HTTP Server | Prior to 2.4.9 |
| CVE-2021-36160 | N/A | N/A | Apache HTTP Server | 2.4.30 to 2.4.48 |
| CVE-2021-39275 | N/A | N/A | Apache HTTP Server | Prior to 2.4.9 |
| CVE-2021-40438 | N/A | N/A | Apache HTTP Server | Prior to 2.4.9 |


We are currently using 2.4.41, which is the latest available version, released in April 2020.

Environment

Release: 6.0

Component: Sysload Monitor

Cause

Outdated versions of PHP and Apache HTTP Server are included in the current Sysload Monitor release.

Resolution

A new version of Sysload Monitor (6.00HF3) will contain updated versions of PHP and Apache HTTP Server to fix these vulnerabilities.

Please read the readme.txt carefully. It explains the procedure for upgrading the Apache and PHP components delivered with Sysload Monitor to address these vulnerabilities.