Apache vulnerability CVE-2023-43622 CVE-2023-45802 CVE-2023-31122 in License Server 11.17.2.0 44000

book

Article ID: CTX583758

calendar_today

Updated On:

Description

Apache 2.4.57 contains vulnerabilities and is used in the License Server version 11.17.2.0 build 44000. Security scans may raise the following CVEs:

CVE-2023-43622 - https://www.cve.org/CVERecord?id=CVE-2023-43622 Affects HTTP/2
CVE-2023-45802 - https://www.cve.org/CVERecord?id=CVE-2023-45802 Affetcs HTTP/2
CVE-2023-31122 - https://www.cve.org/CVERecord?id=CVE-2023-31122 Affects mod_macro

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

No action is required.

Citrix License Server does not contain the affected modules: mod_macro and does not use HTTP/2 and is therefore not affected. The next version of the Citrix licensing server would have a newer Apache version as well.

Customers may also wish to upgrade to build 45000 which utilizes Apache 2.4.58, but this is not necessary to mitigate the CVE issues as the previous version was not impacted.

https://docs.citrix.com/en-us/licensing/current-release/about

Problem Cause

Security software flagged License Server 11.17.2.0 build 44000 as vulnerable due to the use of Apache 2.4.57

Issue/Introduction

The Citrix License Server is not affected by the reported vulnerabilities as it does not use the affected modules and protocol

Additional Information

Build 45000 details (Citrix Docs): https://docs.citrix.com/en-us/licensing/current-release/about

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"