Vulnerabilities found in Apache 2.4.53 and their remediation in Apache 2.4.54 as highlighted in apache.org:
CVE-2022-26377 mod_proxy_ajp: Possible request smuggling (moderate severity)
CVE-2022-28330 read beyond bounds in mod_isapi (low severity)
CVE-2022-28614 read beyond bounds via ap_rwrite() (low severity)
CVE-2022-28615 Read beyond bounds in ap_strcmp_match() (low severity)
CVE-2022-29404 Denial of service in mod_lua r:parsebody (low severity)
CVE-2022-30522 mod_sed denial of service (low severity)
CVE-2022-30556 Information Disclosure in mod_lua with websockets (low severity)
CVE-2022-31813 mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (low severity)
Release : 12.8.x
Component : CA SITEMINDER AGENT FOR SHAREPOINT
Operating System: Windows
Apache release 2.4.54 is a cumulative fix for all published vulnerabilities impacting Apache 2.4.53 and prior.
This patch is for SiteMinder Agent for SharePoint, not standard Access Gateway (SPS).
httpd_2454_win32bit.zip
openssl_1.0.2ze_win32bit.zip
Steps as follows:
---------------------
1) Go to Services console and stop the running Agent for SharePoint
- Stop "SiteMinder Agent for SharePoint"
- Stop "SiteMinder Agent for SharePoint Proxy Engine"
2) Navigate to the Agent installation folder (for example C:\CA\Agent-for-SharePoint\)
3) Back up the original folder "httpd" and rename it as "httpd_orig"
4) Unzip httpd_2454_win32bit.zip
5) Copy extracted httpd folder to C:\CA\Agent-for-SharePoint\
- This will overwrite existing "httpd" folder
- As there is no "conf" folder in httpd_2454_win32bit.zip, the configuration folder in the existing "httpd" folder will not be overwritten
- A window will prompt to Replace or Skip Files -- choose "Replace the files in the destination"
6) Navigate to SSL/bin folder (for example C:\CA\Agent-for-SharePoint\SSL\bin)
7) Back up the original files in C:\CA\Agent-for-SharePoint\SSL\bin
8) Unzip openssl_102ze_win32.zip
9) Copy extracted files (libeay32.dll, openssl.exe, ssleay32.dll) to C:\CA\Agent-for-SharePoint\SSL\bin
- This will overwrite existing files
10) Go to Services console and start the Agent for SharePoint
- Start "SiteMinder Agent for SharePoint"
- Start "SiteMinder Agent for SharePoint Proxy Engine"
- Check that the Apache version has changed to 2.4.54
11) Test whether Agent is working by accessing the SharePoint website
It is highly advisable to test in a lower environment first.
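
Steps 1 to 10 above as a PowerShell script, run from an elevated prompt. This is an added example, not part of the original article or any vendor tooling. Assumptions: the install root is the article's example path, the two zips sit in a hypothetical staging folder `C:\Temp\apache-patch`, the httpd zip extracts to a top-level `httpd` folder, `httpd.exe` is under `httpd\bin`, and the backup folder name `SSL\bin_orig` is chosen here.

```powershell
# Added example: automates steps 1-10. Paths and backup names below are assumptions.
$ErrorActionPreference = 'Stop'
$Root  = 'C:\CA\Agent-for-SharePoint'   # example install path from the article
$Stage = 'C:\Temp\apache-patch'         # hypothetical folder holding the two zips
$HttpdZip   = Join-Path $Stage 'httpd_2454_win32bit.zip'
$OpenSslZip = Join-Path $Stage 'openssl_1.0.2ze_win32bit.zip'  # adjust to the file you downloaded
$Services = 'SiteMinder Agent for SharePoint',
            'SiteMinder Agent for SharePoint Proxy Engine'
$Httpd       = Join-Path $Root 'httpd'
$HttpdBackup = Join-Path $Root 'httpd_orig'
$SslBin      = Join-Path $Root 'SSL\bin'
$SslBackup   = Join-Path $Root 'SSL\bin_orig'   # backup name chosen for this example

# Refuse to run if a previous backup would be clobbered or merged into
foreach ($b in $HttpdBackup, $SslBackup) {
    if (Test-Path $b) { throw "$b already exists; move it aside first." }
}

# Step 1: stop both services (display names as shown in the Services console)
foreach ($s in $Services) { Stop-Service -DisplayName $s -Force }

# Steps 2-3: the folder is copied rather than renamed so "conf" stays in place
Copy-Item $Httpd $HttpdBackup -Recurse

# Steps 4-5: extract and overlay; abort if the zip would touch the configuration
$HttpdOut = Join-Path $Stage 'httpd_extracted'
Expand-Archive -Path $HttpdZip -DestinationPath $HttpdOut -Force
if (Test-Path (Join-Path $HttpdOut 'httpd\conf')) { throw 'Zip contains a conf folder; aborting.' }
Copy-Item (Join-Path $HttpdOut 'httpd\*') $Httpd -Recurse -Force

# Steps 6-9: back up SSL\bin, then replace only the three OpenSSL files
Copy-Item $SslBin $SslBackup -Recurse
$SslOut = Join-Path $Stage 'openssl_extracted'
Expand-Archive -Path $OpenSslZip -DestinationPath $SslOut -Force
foreach ($f in 'libeay32.dll', 'openssl.exe', 'ssleay32.dll') {
    $src = Get-ChildItem $SslOut -Recurse -Filter $f | Select-Object -First 1
    if (-not $src) { throw "$f not found in $OpenSslZip" }
    Copy-Item $src.FullName $SslBin -Force
}

# Step 10: confirm the binary reports 2.4.54 before starting the services
$ver = & (Join-Path $Httpd 'bin\httpd.exe') -v | Select-Object -First 1
if ($ver -notmatch 'Apache/2\.4\.54') { throw "Unexpected version: $ver" }
foreach ($s in $Services) { Start-Service -DisplayName $s }
Get-Service -DisplayName $Services | Format-Table DisplayName, Status
```

If the script stops on an error, the services remain stopped and the untouched copies are in `httpd_orig` and `SSL\bin_orig` for rollback. Step 11, testing access to the SharePoint website, is still a manual check.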