[CentOS] security compliance vs. old software versions
Benjamin Franz
jfranz at freerun.com
Tue Jun 29 23:51:11 UTC 2010
On 06/29/2010 03:52 PM, Les Mikesell wrote:
>
> It's internal, but requires a formal response - or an application
> update. The test tool says:
>
> These are the reported vulnerabilities
>
> Apache Server 2.x Prior To 2.2.14 Multiple Vulnerabilities Apache
> 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting.
>
> Apache 2.2 prior to 2.2.15 Multiple Vulnerabilities Apache Prior to
> Version 2.2.8 Multiple Vulnerabilities Apache Prior to Version 2.2.9
> Multiple Vulnerabilities Apache Server 2.x Prior To 2.2.12 Multiple
> Vulnerabilities
>
>
Start with http://httpd.apache.org/security/vulnerabilities_22.html to
identify the CVE numbers. You can then match them against the fixes for
Apache with rpm -qi --changelog httpd | egrep CVE
--
Benjamin Franz
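
The matching step from the reply above, as an added example that is not part of the original post: it checks each scanner-reported CVE against the CVE ids mentioned in the package changelog, using exact matching so one id cannot match a longer one. The function names are hypothetical, the CVE ids are placeholders and the sample changelog is constructed; on a real host the file would come from rpm -q --changelog httpd.

```shell
#!/bin/sh
# Added example. Sample data is constructed; the CVE ids are placeholders.

# Print the unique CVE ids found in changelog text on stdin.
changelog_cves() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]+' | sort -u
}

# check_cves CHANGELOG_FILE CVE-ID...
# Prints "FIXED <id>" when the changelog mentions the id, else "OPEN <id>".
# Returns 1 if any id is missing, so it can gate a compliance response.
check_cves() {
    changelog=$1; shift
    fixed=$(changelog_cves < "$changelog")
    missing=0
    for cve in "$@"; do
        # -F -x: whole-line literal match, so CVE-0000-0003 does not
        # match CVE-0000-00030 the way a plain egrep would.
        if printf '%s\n' "$fixed" | grep -Fxq "$cve"; then
            echo "FIXED $cve"
        else
            echo "OPEN $cve"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed stand-in for: rpm -q --changelog httpd > FILE
write_sample_changelog() {
    cat > "$1" <<'EOF'
* Fri Jan 01 2010 Example Packager <packager@example.invalid> - 2.2.3-0.example
- add security fix for CVE-0000-0001 (#000001)
- add security fixes for CVE-0000-0002, CVE-0000-00030
EOF
}

sample=$(mktemp)
write_sample_changelog "$sample"
check_cves "$sample" CVE-0000-0001 CVE-0000-0003 ||
    echo "not all reported CVEs appear in the changelog"
rm -f "$sample"
```

An id reported as OPEN only means the changelog does not mention it; it still has to be checked against the upstream vulnerability page for the affected versions.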