Overview
The installed version of GFI LanGuard's integrated Apache HTTP server is reported as outdated or is flagged as having known security vulnerabilities.
Our Engineering team is already working on upgrading Apache to the latest version. There is no ETA yet - after thorough testing, an upgraded Apache will be delivered through the LanGuard automatic program updates.
Solution
Vulnerabilities are discovered periodically in the Apache server software by vulnerability scanners or penetration tools. LanGuard or other security scanners such as Nessus will sometimes return a message that vulnerabilities exist within the system. This usually happens when the LanGuard Apache web server is not updated to the latest version, or the LanGuard server itself is not on the most recent version.
If you are not on the latest LanGuard version, upgrade LanGuard to the most recent release, since new product updates, including updates to the integrated Apache web server, are only provided for the latest LanGuard versions.
New versions of the Apache server may be released partway through the current release of the LanGuard product. When this occurs, the GFI Development team investigates and tests the server's new version to make sure it does not negatively affect LanGuard functionality.
The Engineering team tests and upgrades the integrated Apache server version during each release, which normally happens every six months. If critical vulnerabilities are reported much earlier and testing discovers no negative impact, the upgrade is pushed for the current release. As soon as the new server version's functionality is confirmed, it is released immediately. The update is done automatically via the Program Updates module.
Between releases, some elements of the Apache server may be outdated, which is reflected in certain reported vulnerabilities. The Apache server is used within GFI LanGuard for its caching proxy features (Relay Agents) and its FastCGI feature when communicating scan results between the server and the agents. This means that our version of Apache does not use all the modules (such as SSL); therefore, some reported Apache vulnerabilities may not apply to our version.
Important: The GFI LanGuard integrated Apache server is upgraded only by our Engineering team after thorough testing. If you try to update the Apache version manually, that will break LanGuard.
Testing
Once we update the version, no action is normally required to receive the update since it is delivered automatically via program updates. Once LanGuard program updates are completed, to validate the Apache version:
- Navigate to C:\Program Files (x86)\GFI\LanGuard 12 Agent\Httpd\bin
- Locate the file httpd.exe, right-click on it, and open Properties
- Select the Details tab and check the version
If you still see an older version, this may be because the program updates failed or have not been triggered automatically. In this case, perform a manual product update.
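The version check from the steps above can also be scripted. The PowerShell below is an added example, not GFI code: the function name and the `-ExpectedVersion` parameter are assumptions made for illustration, and the path is the folder from the steps above with httpd.exe appended.

```powershell
# Added example, not GFI code: scripted version of the Details-tab check.
function Get-LanGuardApacheVersion {
    [CmdletBinding()]
    param(
        # Folder from the steps above plus httpd.exe; change it if LanGuard
        # is installed in a different location.
        [string]$HttpdPath = 'C:\Program Files (x86)\GFI\LanGuard 12 Agent\Httpd\bin\httpd.exe',

        # Assumption: the Apache version you expect once the program update
        # has been applied. The article does not state one, so there is no default.
        [version]$ExpectedVersion
    )

    $result = [ordered]@{
        Computer    = $env:COMPUTERNAME
        Path        = $HttpdPath
        FileVersion = $null
        Status      = 'NotFound'   # wrong path, or no integrated Apache on this host
    }

    if (Test-Path -LiteralPath $HttpdPath -PathType Leaf) {
        $info = (Get-Item -LiteralPath $HttpdPath).VersionInfo
        # Use the numeric parts: the FileVersion string can carry extra text
        # that would not parse as a version.
        $parts = $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
        $found = New-Object System.Version -ArgumentList $parts
        $result.FileVersion = $found

        if (-not $PSBoundParameters.ContainsKey('ExpectedVersion')) {
            $result.Status = 'NoBaseline'   # version read, nothing to compare it to
        } elseif ($found -ge $ExpectedVersion) {
            $result.Status = 'Current'
        } else {
            $result.Status = 'Outdated'     # perform a manual product update
        }
    }

    [pscustomobject]$result
}

# Report the installed version; add -ExpectedVersion to get Current/Outdated.
Get-LanGuardApacheVersion
```

A `NotFound` status means the binary is not at the given path, which is worth ruling out before concluding that the program update failed.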