apache13-modssl
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Apr 12 13:32:16 PDT 2004
On Mon, Apr 12, 2004 at 03:39:44PM -0400, Chuck Swiger wrote:
> Matthew Seaman wrote:
> [ ... ]
> >Your friend is being unnecessarily alarmist. apache2 is not
> >significantly different to apache13 in security terms.
>
> There have been 16 CVE entries list for Apache 2, and 8 for Apache 1.x:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+2
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+1
Errr -- did you look at the lists of entries those searches actually
turn up? Quite a few of the entries for the 'apache+2' search are
actually apache-1.3.x specific... In fact, by my reckoning most of
the CVE entries which are generic apache problems (i.e. they aren't OS
or distribution specific, or they don't depend on some 3rd party code,
like PHP) -- most of those apply equally to both apache-1.3.x and
apache-2.0.x. If you search for the currently released apache
versions, there are 2 entries mentioning apache-1.3.29 (one of which
is actually for versions *before* 1.3.29), and also 2 mentioning
apache-2.0.49 (again one of which only applies to versions *before*
2.0.49)
I don't think that simply counting CVE entries is going to tell you
very much useful.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040412/cfb55a95/attachment.bin
More information about the freebsd-questions
mailing list