Am 22.03.2009 um 20:40 schrieb Rob Townley: > http://httpd.apache.org/security/vulnerabilities_20.html > > states that Apache 2.0.52 is 4 years old and the latest version is > 2.0.68. > i am no longer a httpd expert, but at least one of the security fixes > involves XSS attacks via malformed ftp commands. I also realize that > redhat / centos may patch things separately from Apache and that the > sysadmin has a great deal to do with how secure things are, but > almost 5 years? > Download the src-RPM and make a checklist which CVEs are fixed and which not. (It's in a changelog-file somewhere - I don't remember the details, it's a while that I actually looked) Then, return here. Best Regards, Rainer