0

I have a web server, and I was told that the version of Apache running on it is the latest version, regardless of what the output of httpd -v states.

When I execute httpd -v, I see 'Server version: Apache/2.4.6 (CentOS)'

I was told to not pay attention to this version number, and the underlying Apache is running at the latest version. Something about the upstream...?

How can I verify this? As I am pretty cautious that my web server is still running an older and vulnerable version.

Thanks for the help!

Michael
  • 51
  • 3
  • 8
  • 3
    https://access.redhat.com/security/updates/backporting – alexus Feb 10 '17 at 21:34
  • 1
    See also [Do old package versions in CentOS mean that they do not have security fixes?](http://serverfault.com/q/598920/126632) – Michael Hampton Feb 10 '17 at 21:36
  • Hi Michael, thank you for responding and I read your response on the other question. How do you check to see if your installed Apache contains security fixes? – Michael Feb 10 '17 at 21:41
  • `rpm -q httpd --changelog | grep -i cve` to look for CVE's, or manually inspect changes and dates in the change log. – Aaron Feb 10 '17 at 22:26

0 Answers0