On 06/29/2010 03:52 PM, Les Mikesell wrote: > > It's internal, but requires a formal response - or an application > update. The test tool says: > > These are the reported vulnerabilities > > Apache Server 2.x Prior To 2.2.14 Multiple Vulnerabilities Apache > \'mod_proxy_ftp\' Wildcard Characters Cross-Site Scripting. > > Apache 2.2 prior to 2.2.15 Multiple Vulnerabilities Apache Prior to > Version 2.2.8 Multiple Vulnerabilities Apache Prior to Version 2.2.9 > Multiple Vulnerabilities Apache Server 2.x Prior To 2.2.12 Multiple > Vulnerabilities > > Start with http://httpd.apache.org/security/vulnerabilities_22.html to identify the CVE numbers. You can then match them against the fixes for Apache with rpm -qi --changelog httpd | egrep CVE -- Benjamin Franz