Resolving Apache Vulnerability False Positives

-----------------------------------

Affected Roles: Administrator, Power Users

Related Digital Watchdog VMS Apps: DW Spectrum IPVMS

Last Edit: February 6, 2025

-----------------------------------

 

False Positive Apache Alerts

Periodically, users may receive alerts from vulnerability scanners flagging insecure versions of Apache software in DW Spectrum IPVMS. These alerts are typically false positives, as the DW Spectrum does not use Apache. However, the Apache name appears in the HTTP headers of the WebAdmin application due to older, legacy third-party integrations designed to ensure compatibility with known web servers, firewalls, and antivirus systems, particularly older ones.

This article will address how to resolve Apache false positives for DW Spectrum Servers.

 

Verifying Apache Installation

Before proceeding, confirm if Apache is installed on your system. If apache is not installed, you can safely disregard the scanner’s Apache-related alerts.

• On Ubuntu Linux: Run the command “apache2 -v” in the Terminal. If Apache is not installed, you will see a “command not recognized” message, or a similar message.
• On Windows: Check for an apache installation directory, typically located in C:\Program Files or C:\Program Files (x86). If no such directory exists, Apache is not installed.

 

Solution: Removing Apache Headers

If there are no legacy integrations dependent on the current configuration, you can modify the VMS WebAdmin settings to prevent the Apache headers from appearing. Follow these steps:

1. Open a web browser and access the WebAdmin Advanced Settings.
   1. To navigate to the WebAdmin interface, advanced settings, use the following URL, replacing “<server>” with your DW Spectrum Server’s IP address:

2. Modify the serverHeader Setting.
   1. In the General tab, scroll to the serverHeader field.
   2. By default, the value will look like:

1. 3. Update the value to:

 

3. Restart the Media Server Application.
   1. After making the change, restart the media server application to apply the updated configuration.
   2. For Windows, right-click on the DW icon in the Service Tray, on the Windows Task Bar, and select “Stop server (started)”.

After stopping the Media Server, right-click on the DW icon again and select “Start server (stopped)” to start the Media Server.

1. 3. For Ubuntu Linux, open the Terminal program to enter “sudo su”, and enter the password “Dw5pectrum” to log in as the superuser

Use the command “service digitalwatchdog-mediaserver stop”.

After stopping the Media Server, use the command “service digitalwatchdog-mediaserver start” to start the Media Server.

 

4. Validate the changes.
   1. With the default configuration, the serverHeader might appear as:

 

1. 1. After updating the serverHeader should display:

 

5. Re-run the Vulnerability Scanner.
   1. After making the change and restarting the service, run the scanner again. The false positive should no longer appear.

 

These steps address the false positive related to Apache in DW Spectrum IPVMS. If legacy integrations are required, consider the implications of modifying the serverHeader before proceeding.

 

 

 

For More Information or Technical Support

DW Technical Support:  866.446.3595 (option 4)

https://www.digital-watchdog.com/contact-tech-support/

______________________________________________________________________________

DW Sales:  866.446.3595                   [email protected]        www.digital-watchdog.com