Need to upgrade apache from 2.4 to latest version

The below apache vulnerabilities were identified in SAP GRC Windows servers (CHDSxyz, CHDQSAPxyz)

Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability
Apache 1.3 HTTP Server Expect Header Cross-Site Scripting
Apache/IBM HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
Apache Web Server ETag Header Information Disclosure Weakness

Can you please update the Apache in the servers to remediate the vulnerabilities.

Hello,

I'm guessing you've pasted here the contents of an e-mail or other request that's been sent to you regarding Apache on these two Windows servers. As to how you'd upgrade: that depends on how it was installed on these Windows servers in the first place. Apache can run straight on Windows as a service; or it could be running under Cygwin, or the Windows Subsystem for Linux, or within a Linux container or VM; or in various other ways (such as being an embedded Web server in some other Windows product).

So first we'd need to know how Apache is running on these Windows servers, and how it was installed in the first place, and then we might be able to suggest how to proceed.

As an aside: since this question appears to refers to Windows servers, I'll move it from the "Linux and Unix-Like" category to "Microsoft Windows". If for some reason this isn't right, and the reference to "Windows servers" means something else, please let us know and I can move it back.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.