On 6/29/2010 5:11 PM, Les Mikesell wrote:
What's the correct response to a security scan that points out that Apache versions below 2.2.14 have multiple known vulnerabilities? Is there an official document about what known vulnerabilities have been fixed in the RHEL/CentOS updates, or do you have to wade through the changelog to try to find each thing?
One of the things to do first is to find out if the client who needs the scan actually does any e-commerce on your server. Otherwise, I have found that the scans can be stopped by having your client contact their CC processing company.
It seems that RHEL is in most of these scanners' systems; however, CentOS is not, so they balk at the old versions. It's really all just a big pain.
John Hinton