We have a client that had a security audit done recently and one of the findings that must be resolved is this:
"The header information from the affected Apache web service is running unsupported versions of OpenSSL.
Version 0.9.8zh is the fixed version to address Open SSL related vulnerabilities.
- OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS"
The long term solution that needs to be solved is that I need to find a way to update the version of Apache so that this is no longer an issue.
The short term solution would be to shut down Apache Web Services so that it is not even accessible and therefore does not pose a potential risk.
Can Apache Web Services be stopped entirely without adversely affecting the FMS 15 functionality?
If so, how can this be done?
The client is currently running OSX 10.10.5 and FMS 220.127.116.11.