Several vulnerabilities have been detected in Apache versions prior to 2.4.27. Various monitoring software advise users to update Apache to version 2.4.27. Some programs mark Apache version 2.4.17 used by Acronis Web Server service in Acronis Backup 11.7 (the web server allows users of an organization to install Acronis Backup on their machines without having to specify installation settings, see details here) as affected.
Acronis Web Server service does not use the affected modules. You can ignore this warning.
Neither Acronis Backup 11.7, nor Acronis Backup 12/12.5 are affected by these vulnerabilities.
However, if your company's security policy requires disabling the vulnerable version of Apache, follow instructions in this article.
NOTE: Acronis Management Server Web page will become unavailable after these steps.
Do the following:
- If you do not have Acronis Management Server installed yet, do not select Enable management server Web page option during installation of Acronis Management Server.
- If Acronis Management Server is installed:
- Open Command Prompt: Start -> Search -> type cmd.exe and press Enter.
- Stop Acronis Web Server Service by issuing:
sc stop AmsWebServer
- Delete the service by issuing:
sc delete AmsWebServer
- From C:\Program Files\Common Files\Acronis\WebServer, delete contents of this folder.
You will still be able to install Acronis Agent using one of the following standard ways: