Apache Version ReadyNAS Pro 4

RJohnson · ‎2017-12-13

What is the current version of Apache running on Apache Version ReadyNAS Pro 4 with RAIDiator 4.2.31. Security scan is reporting the following vulnerabilities.

Apache HTTP Server httpOnly Cookie Information Disclosure
Apache Server ETag Header Information Disclosure
mDNS Detection
SMB Signing Disabled
SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
SSL Certificate with Wrong Hostname
SSL Medium Strength Cipher Suites Supported
Transport Layer Security (TLS) Protocol CRIME Vulnerability

StephenB · ‎2017-12-13

PRO://# apache2ctl -V
Server version: Apache/2.2.6 (Debian)
Server built: Feb 28 2008 22:43:28
Server's Module Magic Number: 20051115:5
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)

mdgm-ntgr · ‎2017-12-13

Some checkers may only look at the version number and then make assumptions based on that.

We have backported some things over time.

Updating to a newer apache version would break the web admin interface.

"SSL Certificate with wrong hostname" is probably because the SSL certificate uses one I.P. and your NAS currently has a different one or you're accessing via hostname rather than the I.P.

You can run OS6 (though not supported) on your unit. This has a newer version of apache.

Apache Version ReadyNAS Pro 4

Apache Version ReadyNAS Pro 4

Re: Apache Version ReadyNAS Pro 4

Re: Apache Version ReadyNAS Pro 4