Need to remove vulnerabilities from server running websence 7.1 with apache

Please help me to resolve the vulnerabilities m getting on my server running websence..

Description:
According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The 'mod_proxy_ajp' module returns the wrong status code if it encounters an error which causes the back-end server to be put into an error state. (CVE-2010-0408) - The 'mod_isapi' attempts to unload the 'ISAPI.dll' when it encounters various error states which could leave call-backs in an undefined state. (CVE-2010-0425) - A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)

Risk factor:
Critical

CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
See also:
http://httpd.apache.org/security/vulnerabilities_22.html

See also:
https://issues.apache.org/bugzilla/show_bug.cgi?id=48359

See also:
http://www.apache.org/dist/httpd/CHANGES_2.2.15

Solution:
Upgrade to Apache version 2.2.15 or later.


Please suggest how to resolve this without affecting running websence on my server..?
LVL 1
patronTechnical consultant Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
key is also whether websense 7.1 support the new patches of Apache. i believe Websense will also have step recommending to upgrade those components, in this case, the Apache Services (Websense 7.x), known as Apache2Websense and ApacheTomcatWebsense. they are commonly addressed in websense updates tagging with "Apache Tomcat security vulnerabilities" and "Apache HTTPD vulnerabilities"

@ http://community.websense.com/forums/p/3075/10807.aspx#10807

but it is best to have Websense to share the update with their internal testing and advices. This link is useful in general
@ http://www.websense.com/support/article/t-kbarticle/v7-Security-Tips-for-Websense-Manager-machine-1258048502566

See some related update they had  
@ http://www.websense.com/support/article/t-kbarticle/v7-Apache-HTTPD-vulnerabilities-1258048491310
@ http://www.websense.com/support/article/t-kbarticle/v7-Apache-Tomcat-security-vulnerabilities-1258048503850

specifically, it is still best to plan for the replacement with patched server, maybe in non peak hours, with one to one server switch, after trying out in staging server for a while. not easy to do it on live production server
@ http://tmgblog.richardhicks.com/2009/07/28/websense-content-filtering-services-shutdown-and-startup-order/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
patronTechnical consultant Author Commented:
Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities

From novice to tech pro — start learning today.