On Fri, Aug 14, 2020 at 4:06 PM Nic P <webninja458@xxxxxxxxx> wrote: > > Thanks Eric - there are unfortunately a long list of similar CVE's > so this has created an audit nightmare > > 1999-0070 > 1999-0236 > 1999-0289 > 2001-0131 > 2001-1556 > 2007-0086 > 2007-1349 > 2007-4723 > 2007-5156 > 2008-2579 > 2009-0796 > 2009-2299 > 2011-1176 > 2011-1752 > 2011-1783 > 2011-2688 > 2012-3526 > 2012-4001 > 2012-4360 > 2013-0941 > 2013-0942 > 2013-2765 > 2013-4365 > > Is there any Apache official statement to the bug in NIST that I can refer the auditors to? None I am aware of. I spot checked a few and a good number were not even from the httpd project. mod_security (third-party mod), mod_dav_svn (subversion), RSA Secure Agent (???) The only things they have in common is that the CPE says they apply to all releases of Apache, even if they are not part of Apache or were disputed or have basically no information in them. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|