Security Advisory for Apache HTTP Server Vulnerability

Summary

A reported Apache HTTP Server vulnerability may affect certain versions of QTS. If successfully exploited, the vulnerability could allow attackers to access sensitive information.

We have already fixed these issues in following versions.

• QTS 4.2.6: build 20180711 and later
• QTS 4.3.3: build 20180716 and later
• QTS 4.3.4: build 20180710 and later

Recommendation

To resolve the issue, we recommend updating QTS to the latest version.

If you are using the NAS as a web server, you must restore the default web server configuration after updating QTS. If you are using the NAS as a web server for virtual hosting, you must also enable the virtual host feature after restoring the default web server configuration.

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.
   QTS downloads and installs the latest available update.

Restoring the Default Web Server Configuration

1. Log on to QTS as administrator.
2. Go to Control Panel > Applications > Web Server.
3. Under Maintenance, click Restore.
   A confirmation message appears.
4. Click OK.
   QTS restores the default configurations.

Enabling Virtual Hosting

1. Log on to QTS as administrator.
2. Go to Control Panel > Applications > Web Server > Virtual Host.
3. Select Enable Virtual Host.
4. Click Apply.
   QTS applies the changes.