http://httpd.apache.org/security/vulnerabilities_20.html states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. i am no longer a httpd expert, but at least one of the security fixes involves XSS attacks via malformed ftp commands. I also realize that redhat / centos may patch things separately from Apache and that the sysadmin has a great deal to do with how secure things are, but almost 5 years? Does the sysadmin for www.centos.org get paid? -------------- next part -------------- HTTP/1.1 200 OK Date: Sun, 22 Mar 2009 19:37:51 GMT Server: Apache/2.0.52 (CentOS) X-Powered-By: PHP/4.3.9 Set-Cookie: PHPSESSID=f12ba53116e0f192b7653131d951a17d; path=/ Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: private, no-cache Pragma: no-cache Content-Type: text/html; charset=ISO-8859-1 Connection: keep-alive