We just had a scan completed and two vulnerabilities were found. Both talk about updating to ver. 2.0.61. Yet we are running NetWare 6.5.6 that is only ver. 2.0.59 What can we do to fix this. Or is it not really a vulnerability on NetWare? Any help would be great.

Here are the vulnerabilities:

1. Vulnerability: 5041: Web Server HTTP TRACE Method Supported
The TRACE method is an HTTP command used for debugging purposes. A client
sending the TRACE command to a web server will receive an echo of the entire
request, including HTTP headers. It is possible for a malicious user to obtain sensitive
information from the headers, such as cookies or authentication data. Many web
servers released prior to January 2003 had the TRACE method enabled by default.
These include Apache, Microsoft IIS, Sun ONE/iPlanet Web Server, and WebLogic
Server and Express.

2. Vulnerability: 6151: Apache HTDigest Realm Command Line Argument Buffer
Overflow Vulnerability
A buffer overflow vulnerability exists in the htdigest utility included with Apache. The
vulnerability is due to improper bounds checking when copying user-supplied realm
data into local buffers. By supplying an overly long realm value to the command line
options of htdigest, it is possible to trigger an overflow condition. This may cause
memory to be corrupted with attacker-specified values. Since the program is not
setuid, this vulnerability does not have a local impact. However, this may be an issue
if htdigest is called from a CGI script. An attacker may be able to supply malformed
data to the program which will cause the overflow to occur. This issue could be
exploited by a remote attacker; potentially resulting in the execution of arbitrary
system commands within the context of the web server process.