Summary
This article explains how to download and apply the latest version of Apache if a vulnerability is found in older versions of Apache.
Synopsis
Vulnerabilities are sometimes found in older versions of Apache used for Report Designer. To remedy the problem, you will need to download and install the latest version of Apache. This article has an example of the vulnerability and instructions on how to download, install, and configure the latest version of Apache for Report Designer.
Discussion
The following vulnerability examples were captured by Nessus:
Severity      Plugin Id  Name
High (7.5)    77531      Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
Medium (5.0)  57608      SMB Signing Disabled
Medium (4.3)  11213      HTTP TRACE / TRACK Methods Allowed
Medium (4.3)  73405      Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
We package Apache 2.2.25 with Report Designer 10.2, which will show the vulnerability.
However, to keep the project moving, you can use the latest 2.2.* version of Apache as a workaround, since you are not limited to using the packaged version of Apache.
During the installation process, there is an option to use the packaged Apache, or you can point it to another Apache installation.
You can follow the instructions below to download and set up the latest supported version of Apache.
Download Apache Server from web
1. Download latest version of Apache from https://www.apachehaus.com/cgi-bin/download.plx
2. Do not download Apache server version 2.4; it is not supported by Cognos.
3. Download the latest available version of Apache 2.2.x
Remove old Apache server
4. Stop the Apache service on the Cognos server from Control Panel -> Administrator -> Services
5. Back up httpd.conf located in <apache_install_dir>\conf
6. Uninstall the Apache service by running the following command from <apache_install_dir>\bin
a. httpd -k uninstall
7. Rename the existing Apache root folder to apache_old
Set up new Apache server
8. Unzip the latest downloaded Apache server. Make sure the root folder has the same name and path as the original Apache server.
9. Install the Apache service by running the following command from <new_apache_install_dir>\bin
a. httpd -k install
10. Back up httpd.conf located in <new_apache_install_dir>\conf. This file will be overwritten by the file from step 5.
11. Copy the httpd.conf file from step 5 into <new_apache_install_dir>\conf
a. Since there is no change to hostname, permissions, or paths, you will not need to modify anything in the old httpd.conf file.
12. Start the Apache service by running the following command from <new_apache_install_dir>\bin
a. httpd -k start
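A post-upgrade check for the procedure above, added here as an example and not part of the original article: given the output of `httpd -v` from the new build and the httpd.conf carried over in step 11, it reports which of the Nessus findings listed earlier would still apply and rejects anything outside 2.2.x. Treating Apache's `TraceEnable off` directive as what clears finding 11213 is an assumption of this example, the function names are hypothetical, and the sample banner and config are constructed.

```python
import re

# Thresholds taken from the Nessus plugin names listed in this article.
APACHE_FINDINGS = {
    77531: (2, 2, 28),   # Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
    73405: (2, 2, 27),   # Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
}
TRACE_PLUGIN = 11213     # HTTP TRACE / TRACK Methods Allowed


def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from the output of `httpd -v`."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not m:
        raise ValueError("no Apache version found in httpd -v output")
    return tuple(int(x) for x in m.groups())


def trace_disabled(conf_text):
    """True if the last uncommented TraceEnable directive is 'off'.

    Simplification: Include'd files and per-vhost scoping are not followed.
    """
    state = "on"  # Apache's default when the directive is absent
    for line in conf_text.splitlines():
        m = re.match(r"\s*TraceEnable\s+(\S+)", line, re.IGNORECASE)
        if m:
            state = m.group(1).lower()
    return state == "off"


def remaining_findings(httpd_v_output, conf_text):
    """Return the plugin IDs from the article's table that would still apply."""
    version = parse_version(httpd_v_output)
    if version[:2] != (2, 2):
        # The article states that 2.4 is not supported by Cognos.
        raise ValueError("only Apache 2.2.x is supported, got %d.%d.%d" % version)
    open_ids = [pid for pid, fixed in APACHE_FINDINGS.items() if version < fixed]
    if not trace_disabled(conf_text):
        open_ids.append(TRACE_PLUGIN)
    return sorted(open_ids)


if __name__ == "__main__":
    # Constructed sample inputs: the packaged 2.2.25 build, TraceEnable commented out.
    banner = "Server version: Apache/2.2.25 (Win32)"
    conf = "Listen 80\n# TraceEnable off\nServerName localhost:80\n"
    print(remaining_findings(banner, conf))
```

Because step 11 copies the old httpd.conf unchanged, the TRACE / TRACK finding is a configuration result and is not affected by the version upgrade alone; SMB Signing Disabled (57608) is a Windows host setting outside Apache and is not checked here.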