https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2992436#M49634 <P>Still nothing as of Oct 24, 2023.&nbsp;</P> Tue, 24 Oct 2023 12:26:25 GMT juankathens 2023-10-24T12:26:25Z https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2977986#M48729 <P>I have a scan vulnerability that my apache is less the 2.4.56, I just installed the latest update from VMware <SPAN>7.0.3.01600 for my vcenter.&nbsp;</SPAN></P><P><SPAN>when i checked the apache version, its still showing 2.4. 54.&nbsp;</SPAN></P> Tue, 18 Jul 2023 16:14:18 GMT https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2977986#M48729 bdeen 2023-07-18T16:14:18Z https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978056#M48731 <P>As per the release note, this version is not a fix update:</P><DIV><DIV class=""><UL><LI><P class="">VMware vCenter Server 7.0 Update 3n&nbsp;Release Notes serves as a vehicle for&nbsp;the<SPAN>&nbsp;</SPAN><A href="https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-vcenter-server-7-vsphere-with-tanzu-release-notes.html" target="_blank" rel="noopener">VMware vSphere with Tanzu Release Notes</A>&nbsp;and does not deliver vCenter Server fixes.&nbsp;</P></LI></UL></DIV></DIV><DIV><A href="https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3n-release-notes/index.html#Known%20Issues%20from%20Prior%20Releases-Security%20Features%20Issues" target="_blank" rel="noopener">https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3n-release-notes/index.html#Known%20Issues%20from%20Prior%20Releases-Security%20Features%20Issues</A></DIV><DIV>&nbsp;</DIV><DIV>Regards,</DIV><DIV>Sachchidanand</DIV> Wed, 19 Jul 2023 06:46:10 GMT https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978056#M48731 Sachchidanand 2023-07-19T06:46:10Z https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978141#M48737 <P>This vulnerability has been out for a while and VMware has produced many patches since this was first reported.&nbsp; Why have they not upgrade Apache yet?&nbsp;&nbsp;</P> Wed, 19 Jul 2023 15:58:18 GMT https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978141#M48737 VMGUY5 2023-07-19T15:58:18Z https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978361#M48744 <P>I'm interested in a solution here as well.</P><P>Apache Tomcat CVE's:</P><P>CVE-2019-17569&nbsp;HTTP Request Smuggling with reverse proxy code regression (Fixed Apache Tomcat 9.0.31)</P><P>CVE-2020-1935&nbsp;HTTP Request Smuggling (fixed Apache Tomcat 9.0.30)</P><P>CVE-2020-1938&nbsp;file read/inclusion vulnerability in the AJP connector (Fixed Apache Tomcat 9.0.31)</P><P>CVE-2021-44228&nbsp;<SPAN>Apache Log4j logging library (fixed in Log4j 2.17.1)</SPAN></P><P>&nbsp;</P><P><SPAN>Are these addressed by VMware and why not using the newest Apache?</SPAN></P> Thu, 20 Jul 2023 16:53:52 GMT https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2978361#M48744 GeoPerkins 2023-07-20T16:53:52Z https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2992436#M49634 <P>Still nothing as of Oct 24, 2023.&nbsp;</P> Tue, 24 Oct 2023 12:26:25 GMT https://communities.vmware.com/t5/VMware-vCenter-Discussions/Apache-2-4-x-lt-2-4-56-Multiple-Vulnerabilities/m-p/2992436#M49634 juankathens 2023-10-24T12:26:25Z