Problem Note 64442: Apache HTTP Server vulnerabilities and OpenSSL vulnerabilities exist in SAS® Web Server 9.45
 |  |  |  |  |
Severity: High
Description: SAS Web Server 9.45, which is delivered with SAS® 9.4M6 (TS1M6), includes Apache HTTP Server 2.4.34 and OpenSSL 1.0.2o. Apache HTTP Server 2.4.34 contains vulnerabilities that are described on the Apache HTTP Server Project website. OpenSSL 1.0.2o contains vulnerabilities as described on the OpenSSL website.
Note: SAS Web Server 9.45 is part of the SAS® 9.4 Integration Technologies middle tier. The web server is included with SAS® BI Server, SAS® Enterprise BI Server, SAS® Visual Analytics, and any SAS® solution that includes a middle tier.
Potential Impact: The server might be vulnerable to a variety of attacks.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Server | Microsoft® Windows® for x64 | 9.45 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.45 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 9.45 | 9.4 TS1M6 | ||||
| HP-UX IPF | 9.45 | 9.4 TS1M6 | ||||
| Linux for x64 | 9.45 | 9.4 TS1M6 | ||||
| Solaris for x64 | 9.45 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Web Server 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8D.html#64442| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-08-14 17:40:54 |
| Date Created: | 2019-07-08 15:17:25 |