Hello

Have you  seen this

504539 : ESA-2017-097: EMC NetWorker Security Update for Apache Tomcat https://support.emc.com/kb/504539

Apache is used for hosting a landing site for a Java application that opens the NetWorker Management Console (NMC) GUI authentication at startup. After NMC is launched, Apache is no longer needed or used and NetWorker authentication takes over. Apache is not used by the Client, Storage Node, or NetWorker Server after this point.

EMC provides a locked down apache server that has as few vulnerabilities as possible. EMC keeps the version of Apache fairly recent with each major release of NetWorker. Beyond this, if you have specific security concerns, you could go through special avenues like Professional Services.

The NetWorker Management Console server uses Embedded Apache server software for only two things:

1. Download of the Console jar files.
2. Startup of the Console server daemon or service.

This is a custom embedded Apache software and upgrading is not recommended. It is upgraded with the NetWorker hotfix as seen here:

• NMC version 8.0.0.2.Build.172 has Apache 2.2.21
• NMC version 8.1.0.1 Build 236 has Apache 2.2.25
• NMC version 8.2.1.0 Build 681 has Apache 2.2.27
• NMC version 9.0.x has Apache 2.4.16.0
• NMC version 9.1.x has Apache 2.4.16.0
• NMC version 9.2.x will have Apache 2.4.25.0

To find your version on Linux/UNIX you can go to the apache/bin folder or run:[root@rhatx64]# cd /opt/lgtonmc/apache/bin
[root@ rhatx64]# ./httpd -v
Server version: Apache/2.2.25 (Unix)To find your version on Windows you can go to the apache/bin:

• Go to C:\Program Files\EMC NetWorker\Management\GST\apache\bin
• And hover over the  httpd  and it will tell you the version, as seen here:

In NetWorker 9.0 we use both, Apache HTTPD and Apache Tomcat.  Apache HTTPD is used by the NMC server (gstd daemon).  Apache Tomcat is used by the NetWorker Authentication service (AuthC