Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 2 subscribers
  • Views 44095 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

My ASG220 Failed latest Trustwave Vulnerability Scan

cottonakin
Our latest Trustwave vulnerability scan failed due to my Astaro Gateway and its Apache dna. Here's the actual failure:

Apache HTTP Server Long-Header Cookie Disclosure Vulnerability:

Remediation:
This issue was fixed with the release of version 2.2.22 of Apache HTTP Server. However, it is strongly recommended that the latest stable version with all of the appropriate patches be installed.

I'm running the latest version of ASG 8.301

Any suggestions?


This thread was automatically locked due to age.
Parents
  • 0
    1)  The version of Apache will be updated in v9, which has just entered public beta on these forums, to fix CVE-2012-0053.

    2)  As a remediation, follow the advise in the Admin Guide and in-line help. 
    "For the sake of a smooth installation of the gateway, the default is Any. This means that the WebAdmin interface can be accessed from everywhere. Change this setting to your internal network(s) as soon as possible. The most secure solution, however, would be to limit the access to the gateway to only one administrator PC through HTTPS."
    .  As much as possible, limit Allowed Networks to specific IP's.  You would also want to do the same for the User Portal if applicable.
  • 0 in reply to Scott_Klassen
    Thanks to both of you! I have changed the access to "Internal Network" for both User Portal and Admin and have re-scheduled the scan. I will let you know the results.
  • 0 in reply to cottonakin
    Well, the re-scan still failed for the same issue even with the User Portal and Admin set to Internal Networks. I did receive a response from Astaro support that said the fix is coming out in 8.302 (whenever that ships).
Reply Children
No Data