I have scanned my website on TrustWave for PCI Compliance and found this error:
Apache HTTP Server mod_session_dbd Session ID Reuse Vulnerability
My website is running on Windows Server 2008 R2 Enterprise on Apache Server 2.4.4 (on XAMPP).
The following link is the patch to fix this issue, but I am unable to locate the file to edit:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
as suggested by http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2249
Can anyone guide me, please?
Best regards!
This vulnerability is in the latest version of Apache, so there is nothing to upgrade.
If you have installed this version of Apache on Red Hat Enterprise (version 4, 5 or 6), you are not affected.
If not:
This vulnerability is about session_start(); $_session();
When the session_id is set by PHP, there is no session_expired that renews the session_id.
Solution:
Don't use this module session_start(); and wait for the new update of Apache.
That's all, and there is nothing to worry about.