Like nicole pauls said, I think if you were to actually try this exploit on the LEM, you'd find that the Apache has been fixed so it's not possible, so the PEN test is just tripping on the version string.
At the same time, the LEM shouldn't be open to the Internet (we don't support that), so the potential list of "hackers" consists of people on your internal network. That cuts a lot of riff-raff, and lets you hit people with a stick if they try anything, an option that is sadly lacking from the Internet at large.
You can use the RestrictConsole command in the CMC shell to further restrict what IPs can even open a connection with the LEM (this command modifies the IPTABLES), and therefore further reduce the potential number of people who can even try to exploit Apache.