Update web service for Apache httpoxy vulnerabilities

Post author By Bhargav Atturu
Post date April 26, 2021

Description

The version of Apache embedded in the web service has been found to expose a security vulnerability, known as “httpoxy” (technical details: CVE-2016-5387). This vulnerability can be avoided by changing the configuration of Apache.

<br>

Version Introduced

2.3.9

<br>

Platform

Web Service / All

<br>

Work Around

Open the evApache httpd.conffile for editing

Windows: C:\Program Files\exacqVision\WebService\evApache\conf\httpd.conf
Linux: /etc/evapache/httpd.conf
Find and change the line #LoadModule headers_module modules/mod_headers.so to LoadModule headers_module modules/mod_headers.so. (Remove the ‘#’)
Add the following line to the end of the file: RequestHeader unset Proxy early
Save the file.
Restart the web service.

Tags Web, Web Server, Webservice, Update, Apache, Level2, 4707, Httpoxy Vulnerabilities