Description
The version of Apache embedded in the web service has been found to expose a security vulnerability, known as “httpoxy” (technical details: CVE-2016-5387). This vulnerability can be avoided by changing the configuration of Apache.
<br>
Version Introduced
2.3.9
<br>
Platform
Web Service / All
<br>
Work Around
- Open the evApache httpd.conffile for editing
Windows: C:\Program Files\exacqVision\WebService\evApache\conf\httpd.conf
Linux: /etc/evapache/httpd.conf - Find and change the line #LoadModule headers_module modules/mod_headers.so to LoadModule headers_module modules/mod_headers.so. (Remove the ‘#’)
- Add the following line to the end of the file: RequestHeader unset Proxy early
- Save the file.
- Restart the web service.