I see that Afterdawn is using Apache 2.2.3. Shouldn't it be updated to 2.2.10? 2.2.3 has quite a number of vulnerabilities.... especially exploited by those who break the rules and get banned...lol Best Regards
Thanks for the tip! =) We live by the CentOS update schedule, and 2.2.3 is the latest version of Apache available for the time being. Apache versions between 2.2.3 and 2.2.10 have patched only minor vulnerabilities - all of them in modules not used by us. Or am I mistaken?
Thanks for your reply. I was actually more concerned about these updates found in 2.2.6: The other updates in 2.2.8 and higher don't really concern AfterDawn's active modules (at least those I know about...), unless there is a FTP server within AfterDawn as well. Best Regards
Actually we don't use mod_cache (or mod_mem_cache for that matter) at AfterDawn. Local attacks aren't a concern either since no-one outside the company has access to the servers.
