[CentOS] security compliance vs. old software versions

Tue Jun 29 23:51:11 UTC 2010
Benjamin Franz <jfranz at freerun.com>

On 06/29/2010 03:52 PM, Les Mikesell wrote:
>
> It's internal, but requires a formal response - or an application
> update.  The test tool says:
>
> These are the reported vulnerabilities
>
> Apache Server 2.x Prior To 2.2.14 Multiple Vulnerabilities Apache
> 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting.
>
> Apache 2.2 prior to 2.2.15 Multiple Vulnerabilities Apache Prior to
> Version 2.2.8 Multiple Vulnerabilities Apache Prior to Version 2.2.9
> Multiple Vulnerabilities Apache Server 2.x Prior To 2.2.12 Multiple
> Vulnerabilities
>
>    
Start with http://httpd.apache.org/security/vulnerabilities_22.html to 
identify the CVE numbers. You can then match them against the fixes for 
Apache with rpm -qi --changelog httpd | egrep CVE

-- 
Benjamin Franz
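
The matching step described in the reply above, as an added example that is not part of the original post: it reads a package changelog and reports, for each CVE ID taken from the upstream advisory page, the release whose changelog entry records the backported fix. The function names, the output wording and the sample changelog (including its placeholder CVE IDs and releases) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Constructed sample in the layout `rpm -q --changelog` prints (newest entry
# first). CVE IDs, releases and packager are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Mon Jan 04 2010 Example Packager <packager@example.invalid> 2.2.3-99.el5
- add security fix for CVE-0000-0002 (#000002)

* Tue Sep 01 2009 Example Packager <packager@example.invalid> 2.2.3-98.el5
- add security fixes for CVE-0000-0001, CVE-0000-0003 (#000001)
EOF
}

# backport_report CVE-ID...
# Reads a changelog on stdin and prints one line per requested ID:
#   "<id> backported-in <version-release>"  or  "<id> not-in-changelog"
# Assumes newest-first ordering, so the last entry seen for an ID is the
# release in which the fix first appeared.
backport_report() {
    awk -v want="$*" '
        # True only for a whole-ID match, so a shorter ID does not match
        # as a prefix of a longer one.
        function has_id(line, id,    p, c) {
            p = index(line, id)
            if (p == 0) return 0
            c = substr(line, p + length(id), 1)
            return c !~ /[0-9]/
        }
        BEGIN  { n = split(want, ids, " ") }
        /^\* / { rel = $NF; next }   # entry header: last field is version-release
        {
            for (i = 1; i <= n; i++)
                if (has_id($0, ids[i])) fixed[ids[i]] = rel
        }
        END {
            for (i = 1; i <= n; i++)
                print ids[i], ((ids[i] in fixed) ? ("backported-in " fixed[ids[i]]) : "not-in-changelog")
        }
    '
}

# Demo on the constructed sample. On a real host the input would be:
#   rpm -q --changelog httpd | backport_report <CVE IDs from the advisory page>
sample_changelog | backport_report CVE-0000-0001 CVE-0000-0002 CVE-0000-0009
```

IDs reported as not-in-changelog are the ones that still need an answer in the formal response: either the installed package predates the fix or the changelog does not mention it.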