The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Summary

This article explains how to download and apply the latest Apache if a vulnerability is found with older versions of Apache

Synopsis

Vulnerabilities are sometimes found with older versions of Apache used for report designer. To remedy the problem you will need to download and install the latest version of Apache. This article has an example of the vulnerability and instructions on how to download, install, and configure the latest version of Apache for Report Designer.






Discussion

The following vulnerability examples were captured by Nessus:

Severity Plugin Id Name
High (7.5) 77531 Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
Medium (5.0) 57608 SMB Signing Disabled
Medium (4.3) 11213 HTTP TRACE / TRACK Methods Allowed
Medium (4.3) 73405 Apache 2.2.x < 2.2.27 Multiple Vulnerabilities


We package Apache 2.2.25 with Report Designer 10.2 which will show the vulnerability.
However, to keep the project moving you can the latest 2.2.* version of Apache as a workaround since you are not limited to use the packaged version of Apache.

During the installation process, there is an option to use the packaged Apache or you can point it to another apache.




You can follow the instructions below to download and setup the latest supported version of apache.

Download Apache Server from web
1. Download latest version of Apache from https://www.apachehaus.com/cgi-bin/download.plx
2. Do not download apache server version 2.4. this is not supported by Cognos.
3. Download the latest available version of apache 2.2.x

Remove old apache server
4. Stop the apache service on the Cognos server from Control Panel -> Administrator -> Services
5. Backup httpd.conf located in <apache_install_dir>\conf
6. Uninstall the apache service by running the following command from <apache_install_dir>\bin
a. Httpd ?k uninstall
7. Rename the existing apache root folder to apache_old

Setup new apache server
8. Unzip the latest downloaded apache server. Make sure the root folder has the same name and path as the original apache server.
9. Install the apache service by running the following command from <new_apache_install_dir>\bin
a. Httpd ?k install
10. Backup httpd.conf located in <new_apache_install_dir>\conf. This file will be overwritten by the file from step 5.
11. Copy httpd.conf file from step 5. In <new_apache_install_dir>\conf
a. Since there is no change to hostname and permissions and paths, you will not need to modify anything in the old httpd.conf file.
12. Start apache service by running the following command from <new_apache_install_dir>\bin
a. Httpd ?k start
No ratings
Version history
Last update:
‎Feb 02, 2019 05:44 AM
Updated by: