Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
Link copied. Please paste this link to share this article on your social media post.
Hi Antonio,
I haven't gone through each one individually. Most of these vulnerabilities you have listed are for SSH. SSH is only used when working with tech support and there is no access required by customers. SSH can be turned off.
I looked at the Apache vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2007-6750
It states:
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
I checked on DCE 7.6 and found that we are using version:
Server version: Apache/2.2.15 (Unix)
Server built: Jun 19 2018 15:45:13
7.7 uses the same version.
As for TLS versions and SSLv3, these are used for backwards compatibility to communicate with some older devices but can be turned off:
As for updating individual modules, you can't. We don't provide root access. Even if we did, upgrading to an untested version could cause unexpected issues.
I'll still forward your concerns but since these are mostly 2016 or earlier, I'm going to assume they are not being considered vital. I will let you know what more I hear, if anything.
Thanks,
Steve
Link copied. Please paste this link to share this article on your social media post.
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.