Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Apr 12 13:32:16 PDT 2004

On Mon, Apr 12, 2004 at 03:39:44PM -0400, Chuck Swiger wrote:
> Matthew Seaman wrote:
> [ ... ]
> >Your friend is being unnecessarily alarmist.  apache2 is not
> >significantly different to apache13 in security terms.
> There have been 16 CVE entries list for Apache 2, and 8 for Apache 1.x:
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+2
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+1

Errr -- did you look at the lists of entries those searches actually
turn up?  Quite a few of the entries for the 'apache+2' search are
actually apache-1.3.x specific...  In fact, by my reckoning most of
the CVE entries which are generic apache problems (i.e. they aren't OS
or distribution specific, or they don't depend on some 3rd party code,
like PHP) -- most of those apply equally to both apache-1.3.x and
apache-2.0.x.  If you search for the currently released apache
versions, there are 2 entries mentioning apache-1.3.29 (one of which
is actually for versions *before* 1.3.29), and also 2 mentioning
apache-2.0.49 (again one of which only applies to versions *before*

I don't think that simply counting CVE entries is going to tell you
very much useful.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040412/cfb55a95/attachment.bin

More information about the freebsd-questions mailing list