Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Apr 2004 21:32:09 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        questions@freebsd.org
Subject:   Re: apache13-modssl
Message-ID:  <20040412203209.GA69747@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <407AF080.5070109@mac.com>
References:  <20040412095020.M76613@maa-net.net> <20040412102829.GB7692@happy-idiot-talk.infracaninophile.co.uk> <407AF080.5070109@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 12, 2004 at 03:39:44PM -0400, Chuck Swiger wrote:
> Matthew Seaman wrote:
> [ ... ]
> >Your friend is being unnecessarily alarmist.  apache2 is not
> >significantly different to apache13 in security terms.
>=20
> There have been 16 CVE entries list for Apache 2, and 8 for Apache 1.x:
>=20
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=3Dapache+2
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=3Dapache+1

Errr -- did you look at the lists of entries those searches actually
turn up?  Quite a few of the entries for the 'apache+2' search are
actually apache-1.3.x specific...  In fact, by my reckoning most of
the CVE entries which are generic apache problems (i.e. they aren't OS
or distribution specific, or they don't depend on some 3rd party code,
like PHP) -- most of those apply equally to both apache-1.3.x and
apache-2.0.x.  If you search for the currently released apache
versions, there are 2 entries mentioning apache-1.3.29 (one of which
is actually for versions *before* 1.3.29), and also 2 mentioning
apache-2.0.49 (again one of which only applies to versions *before*
2.0.49)

I don't think that simply counting CVE entries is going to tell you
very much useful.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAevzJdtESqEQa7a0RAtsTAKCKGwWMn8YGMc64DzrxxOa7YRYoZwCfUBjr
d0dlZigamMBSITB+6ILeNHE=
=pNoE
-----END PGP SIGNATURE-----

--fUYQa+Pmc3FrFX/N--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040412203209.GA69747>