apache_2_2_8.nasl
The plugin apache_2_2_8.nasl checks the banner for version numbers 2.2.0-7.
However, a check of the quoted CVEs shows that these problems are also present in Apache versions upto 2.0.61.
A check of the Apache changes file indicates that only CVE-2007-6203, CVE-2007-6388 and CVE-2007-5000 are fixed in 2.0.63. But, the CVE descriptions imply that all the problems should be fixed in releases after 2.0.61. For example, CVE-2008-0005 says it is fixed in 2.0.62-dev but this problem is not included in the 2.0.63 changes file.
Should apache_2_2_8.nasl plugin be changed to also report on the 2.0.x tree or should there be an almost identical plugin (apache_2_0_63.nasl) ?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
The plugin apache_2_2_8.nasl checks the banner for version numbers 2.2.0-7.
However, a check of the quoted CVEs shows that these problems are also present in Apache versions upto 2.0.61.
A check of the Apache changes file indicates that only CVE-2007-6203, CVE-2007-6388 and CVE-2007-5000 are fixed in 2.0.63. But, the CVE descriptions imply that all the problems should be fixed in releases after 2.0.61. For example, CVE-2008-0005 says it is fixed in 2.0.62-dev but this problem is not included in the 2.0.63 changes file.
Should apache_2_2_8.nasl plugin be changed to also report on the 2.0.x tree or should there be an almost identical plugin (apache_2_0_63.nasl) ?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers