macOS Vulnerability: httpd

R_C
New Contributor II

One of the many tasks under my scope is patching vulnerabilities on macOS systems. Recently, every single machine has been flagged for having a vulnerable version of "httpd", for which there doesn't appear to be a path toward remediation aside from upgrading to Big Sur.

Alternatively, I have been digging through options to see whether I could create an extension attribute which would check and alert me to any systems that have Apache running. Sadly, all command line options seem to be a dead end, as the likely option of running "sudo apachectl status" will just return the following: "Go to http://localhost:80/server-status in the web browser of your choice. Note that mod_status must be enabled for this to work."

Has anyone else had to deal with addressing this vulnerability, and how have you gone about remediating the issue?

Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
(Report on Tenable's website regarding the vulnerability)
https://www.tenable.com/plugins/nessus/139574

Upgrade or Remove Apache Web Server - macOS Catalina
(Thread on Apple's Discussion board of someone in the same boat)
https://discussions.apple.com/thread/252669979

macOS Catalina how to upgrade the Apache httpd
(Another thread on Apple's Discussion board of someone in the same boat)
https://discussions.apple.com/thread/252546898

2 REPLIES

mschroder
Valued Contributor

Are these Macs using the httpd, or are you simply worried because it is installed? From the "Go to http://localhost:80/server-status in the web browser of your choice. Note that mod_status must be enabled for this to work." I would conclude that apache is not running on that device.

boberito
Valued Contributor

https://github.com/usnistgov/macos_security/blob/main/rules/os/os_httpd_disable.yaml

Here's a check and remediation for seeing if Apache is running.
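
As an added example (not part of the original thread, and not the NIST project's own rule), here is a Jamf extension attribute script that reports whether the built-in Apache is running or disabled. It assumes the launchd label `org.apache.httpd` and the `launchctl print-disabled system` line formats noted in the comments; `httpd_state` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: Jamf extension attribute reporting the state of the
# built-in Apache (httpd). Not code from the thread or the linked rule.
#
# Assumptions:
#   - the launchd label for the built-in Apache is org.apache.httpd
#   - `launchctl print-disabled system` prints override lines such as
#       "org.apache.httpd" => true       (older format, true = disabled)
#       "org.apache.httpd" => disabled   (newer format)
LABEL="org.apache.httpd"

# httpd_state <print-disabled output> <process list, one command per line>
# Echoes one of: Running, Disabled, Enabled-NotRunning
httpd_state() {
    overrides=$1
    procs=$2
    # Check the process list first so a live httpd is always reported,
    # whatever the launchd override says.
    if printf '%s\n' "$procs" | grep -Eq '(^|/)httpd$'; then
        echo "Running"
    # Fixed-string match so the dots in the label are not regex wildcards.
    elif printf '%s\n' "$overrides" | grep -Fq \
            -e "\"$LABEL\" => true" -e "\"$LABEL\" => disabled"; then
        echo "Disabled"
    else
        echo "Enabled-NotRunning"
    fi
}

if command -v launchctl >/dev/null 2>&1; then
    # On a Mac: read the live launchd overrides and process table.
    overrides=$(launchctl print-disabled system 2>/dev/null)
    procs=$(ps -axo comm= 2>/dev/null)
else
    # Constructed sample input so the script also runs off a Mac.
    overrides='disabled services = {
        "com.apple.ftpd" => true
        "org.apache.httpd" => true
    }'
    procs='/usr/sbin/syslogd
/usr/libexec/UserEventAgent'
fi

# Jamf reads the extension attribute value from the <result> tags.
echo "<result>$(httpd_state "$overrides" "$procs")</result>"
```

A smart group keyed on the value `Running` or `Enabled-NotRunning` then identifies the machines that still need the launchd job disabled.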