Our security team has detected a vulnerability (Qualys) on our networker server:
Vulnerable version of Apche http server detected on port: 9000 over TCP .(OptionsBleed)
They are suggesting that we upgrade the apache tomcat version to get rid of the vulnerability, but it this possible? I couldn't find any results in this forum..
Networker console version: 126.96.36.199
Thanks in advance!
Have you seen this
504539 : ESA-2017-097: EMC NetWorker Security Update for Apache Tomcat https://support.emc.com/kb/504539
Apache is used for hosting a landing site for a Java application that opens the NetWorker Management Console (NMC) GUI authentication at startup. After NMC is launched, Apache is no longer needed or used and NetWorker authentication takes over. Apache is not used by the Client, Storage Node, or NetWorker Server after this point.
EMC provides a locked down apache server that has as few vulnerabilities as possible. EMC keeps the version of Apache fairly recent with each major release of NetWorker. Beyond this, if you have specific security concerns, you could go through special avenues like Professional Services.
The NetWorker Management Console server uses Embedded Apache server software for only two things:
This is a custom embedded Apache software and upgrading is not recommended. It is upgraded with the NetWorker hotfix as seen here:
To find your version on Linux/UNIX you can go to the apache/bin folder or run:[root@rhatx64]# cd /opt/lgtonmc/apache/bin
[root@ rhatx64]# ./httpd -v
Server version: Apache/2.2.25 (Unix)To find your version on Windows you can go to the apache/bin:
In NetWorker 9.0 we use both, Apache HTTPD and Apache Tomcat. Apache HTTPD is used by the NMC server (gstd daemon). Apache Tomcat is used by the NetWorker Authentication service (AuthC