Coffeehouse Post

View Thread: Apache and IIS
  • Deviate_X

    Consider IIS 6 and Apache 2. It appears that Apache is considered (A++) more secure.
    Is this a myth or reality?
    
    From http://www.securityfocus.com/bid/vendor/
    
    Microsoft IIS 6.0:
    
    2003-07-22:  Microsoft Multiple IIS 6.0 Web Admin Vulnerabilities 
    
    
    Apache 2.0:
    
    2004-09-13:  Apache Connection Blocking Denial Of Service Vulnerability 
    2004-09-13:  Apache Error Log Escape Sequence Injection Vulnerability 
    2004-09-07:  Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability 
    2004-08-10:  Multiple Vendor HTTP Response Splitting Vulnerability 
    2004-07-23:  Apache mod_userdir Module Information Disclosure Vulnerability 
    2004-05-05:  Apache Web Server Multiple Module Local Buffer Overflow Vulnerability 
    2004-05-05:  Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness 
    2004-04-24:  Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability 
    2004-04-07:  Apache Chunked-Encoding Memory Corruption Vulnerability 
    2004-03-25:  Apache mod_disk_cache Module Client Authentication Credential Storage Weakness 
    2004-03-15:  Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness 
    2004-02-24:  Apache Cygwin Directory Traversal Vulnerability 
    2004-02-07:  Apache mod_php Global Variables Information Disclosure Weakness 
    2004-01-27:  Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability 
    2003-12-26:  Apache mod_php Module File Descriptor Leakage Vulnerability 
    2003-10-29:  Apache Web Server Prefork MPM Denial Of Service Vulnerability 
    2003-10-25:  Apache2 MOD_CGI STDERR Denial Of Service Vulnerability 
    2003-09-10:  Apache Server Side Include Cross Site Scripting Vulnerability 
    2003-09-05:  Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability 
    2003-09-04:  Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability 
    2003-05-06:  OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability 
    2003-03-06:  Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability 
    2002-11-05:  Apache /tmp File Race Vulnerability 
    2002-09-27:  Apache 2 mod_dav Denial Of Service Vulnerability 
    2002-08-16:  Apache 2.0 CGI Path Disclosure Vulnerability 
    2002-08-16:  Apache 2.0 Path Disclosure Vulnerability 
    2002-08-16:  Apache 2.0 Encoded Backslash Directory Traversal Vulnerability 
    2002-07-17:  Apache httpd 2.0 CGI Error Path Disclosure Vulnerability