NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

UserFriendlyTS's avatar
UserFriendlyTS
Follower
Dec 29, 2020

GS724TPP Failed Audit due to Lighttpd Version

Routine audit showed our Netgear is running a version of Lighttpd that is affected by CVE-2014-2323, CVE-2014-2324. The audit wants verison 1.4.35 or later of Lighttpd.  The switch is running firmware 2.0.2.6.  I see that 2.0.2.8 is available, but the notes do not list that it upgrades Lighttpd.  Can you tell me if Lighttpd is part of the firmware update for 2.0.2.8?  If not, is there a way to update Lighttpd by itself?

 

Thank you,
Mark

 

1 Reply

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Dec 29, 2020

    Let audit check the vulnerable modules mod_mysql_vhost.c, mod_evhost.c, and mod_simple_vhost.c are part of the implementation. 8-))))

     

    Change your audit company if they insist on version numbers.

     

     

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More