Is SEPM vulnerable to Apache httpd related CVEs?
Article ID: 371443
Updated On:
Products
Issue/Introduction
Is SEPM vulnerable to following Apache httpd related CVEs?
CVE-2024-36387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
CVE-2024-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38472
CVE-2024-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
CVE-2024-38474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
CVE-2024-38475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
CVE-2024-38476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
CVE-2024-38477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
CVE-2024-39573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
CVE-2024-40725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725
Resolution
- CVE-2024-36387: Not vulnerable
- CVE-2024-38472 / CVE-2024-38473 /CVE-2024-38477: These CVEs are fixed in Apache 2.4.60. SEPM 14.3 RU10 uses Apache to 2.4.62.810
- CVE-2024-38474: Not vulnerable
- CVE-2024-38475: Not vulnerable
- CVE-2024-38476: Not vulnerable
- CVE-2024-39573: Not vulnerable
- CVE-2024-40725: We do not have any SEPM deployment with PHP version 2.4.61 (RU9 ships with 2.4.59), therefore is not affected.
**Applicable to customers who have enabled reverse proxy as documented in the following KB.
Enabling Mac and Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy
https://knowledge.broadcom.com/external/article/181483
Feedback
