Re: [CentOS] security compliance vs. old software versions

On 06/29/2010 03:52 PM, Les Mikesell wrote:

It's internal, but requires a formal response - or an application update. The test tool says:

These are the reported vulnerabilities

Apache Server 2.x Prior To 2.2.14 Multiple Vulnerabilities Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting.

Apache 2.2 prior to 2.2.15 Multiple Vulnerabilities Apache Prior to Version 2.2.8 Multiple Vulnerabilities Apache Prior to Version 2.2.9 Multiple Vulnerabilities Apache Server 2.x Prior To 2.2.12 Multiple Vulnerabilities

Start with http://httpd.apache.org/security/vulnerabilities_22.html to identify the CVE numbers. You can then match them against the fixes for Apache with rpm -qi --changelog httpd | egrep CVE