If a vulnerability is listed on the 2.4 page ( https://httpd.apache.org/security/vulnerabilities_24.html) - let's pick on CVE-2014-0226 for mod_status and it is listed as affecting 2.4.9 down to 2.4.1, would 2.2.x also be vulnerable? It is not specifically listed on the 2.2 vulnerability page ( https://httpd.apache.org/security/vulnerabilities_22.html).
To add to any confusion, we are using the RHEL 6 RPM install of httpd, which is based on 2.2.15 with fixes added. So they have a versioning scheme of 2.2.15-## (currently 30). A new update was released stating that CVE-2014-0226 is corrected. Did Red Hat re-engineer the 2.4 fix for 2.2? Thank you for any input anyone may have. Mike Beadle Engineer - Collaborative Systems, Information Technology • Securian Financial Group 400 Robert Street North • St. Paul, MN 55101-2098 651-665-7620 michael.bea...@securian.com • www.securian.com Securian Financial Group – Financial security for the long run ® This email transmission and any file attachments may contain confidential information intended solely for the use of the individual or entity to whom it is addressed. If you have received this email message in error, please notify the sender and delete this email from your system. If you are not the intended recipient, you may not disclose, copy, or distribute the contents of this email.
