• openSSL vulnerabilities within Apache2.4.53

    From Sherry Tha@21:1/5 to All on Thu May 12 08:51:08 2022
    Our security team have notified me of a scan-detected vulnerability that is pretty high. The vulnerability (CVE-2022-1292) score is listed as 10.0 (critical) and was detected based on the presence of OpenSSL with a version prior to 1.1.1o running on port 443 on the server. I was able to verify that it is the Apache service that is utilizing that vulnerable version of OpenSSL on port 443. This Apache HTTP Server 2.4 comes with a limited OpenSSL distribution which is at version OpenSSL 1.1.1n. According to the NVD record for CVE-2022-1292, this c_rehash script/command issue is fixed in OpenSSL 1.1.1o (affected 1.1.1-1.1.1n) and we are only on OpenSSL 1.1.1n. How would I go about fixing this vulnerability? Do I wait for a new Apache to be released to fix it, or is there a way to upgrade to a higher OpenSSL? I'm not all that slick with security yet. Please advise.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
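The version check described in the post, as an added example that is not part of the original message: it reads the OpenSSL token from an Apache `Server` header and tests it against the 1.1.1-1.1.1n range the post quotes. The sample banners and all function names are constructed for illustration, and only the 1.1.1 branch is encoded because that is the only range the post gives.

```python
import re

# Range quoted in the post for CVE-2022-1292 on the 1.1.1 branch.
AFFECTED_FIRST = "1.1.1"
AFFECTED_LAST = "1.1.1n"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")
_BANNER_RE = re.compile(r"OpenSSL/(\S+)")


def parse_openssl_version(text):
    """Turn '1.1.1n' into a sortable tuple (1, 1, 1, 1, 'n')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix, patch = m.groups()
    # Patch letters run a..z, then za..zz, so compare length before text.
    return (int(major), int(minor), int(fix), len(patch), patch)


def openssl_from_banner(banner):
    """Extract the OpenSSL token from an Apache Server header, or None."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def triage(banner):
    """Classify a Server header against the range quoted in the post."""
    version = openssl_from_banner(banner)
    if version is None:
        return "unknown"  # library version hidden, e.g. ServerTokens Prod
    try:
        v = parse_openssl_version(version)
    except ValueError:
        return "unknown"
    if v[:3] != (1, 1, 1):
        return "other-branch"  # the post gives no range for other branches
    first = parse_openssl_version(AFFECTED_FIRST)
    last = parse_openssl_version(AFFECTED_LAST)
    return "in-range" if first <= v <= last else "fixed-or-later"


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real server.
    for banner in ("Apache/2.4.53 (Win64) OpenSSL/1.1.1n",
                   "Apache/2.4.53 (Win64) OpenSSL/1.1.1o",
                   "Apache"):
        print(f"{banner!r}: {triage(banner)}")
```

A banner match only shows which library version the server reports, which is the same evidence the scanner used.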