Skip to main content
All CollectionsRemediations
Apple MacOS Apache Vulnerabilities
Apple MacOS Apache Vulnerabilities
Alan Butcher avatar
Written by Alan Butcher
Updated over a week ago

The Apache 2.4.x < 2.4.52 Multiple Vulnerabilities when detected with a vulnerability scanner will report it as a CVSS 9.8 (v3).


The Apache 2.4.x < 2.4.53 Multiple Vulnerabilities when detected with a vulnerability scanner will report it as a CVSS 9.8 (v3).


CVSS:

CVSS is a scoring system for vulnerability systems, it's an industry standard scoring system to mark findings against a specific number ranging from 0 to 10. They are shown as:

The Vulnerability Information

The Apache software causing this vulnerability is installed and bundled with all Apple MacOS devices by default for all versions as well (Catalina, Bigsur, Monterey etc.).

The application is installed but is disabled by default and is not active. However, the manufacturer does not provide updates for this application along with the OS updates.


Remediation

For the purpose of Cyber Essentials Plus assessment, this vulnerability is not considered as it as the manufacturer does not provide updates for it and also is disabled by default.

Command to Disable Apache\httpd

/bin/launchctl disable system/org.apache.httpd

Command to check whether Apache\httpd is enabled:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => true'

Did this answer your question?