A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not?
The upstream vendor backports security fixes into the existing version. Simply checking the version number is not a valid test for this simple fact. You can run 'rpm -q --changelog httpd' to see the fixes or you can look at the RH website and check their security releases there as well. https://www.redhat.com/security/updates/
To understand what they're doing with the backporting and why, read this http://www.redhat.com/advice/speaks_backport.html
-- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety'' Benjamin Franklin 1775