Our PCI Compliance scan is failing on a vulernability in Apache running on ports 2080 and 2443.
Description: Apache HTTP Server httpOnly Cookie Information Disclosure Synopsis: The web server running on the remote host has an information disclosure vulnerability. Resolution: Upgrade to Apache version 2.2.22 or later.
I found httpd-iworx version 2.2.23 for CentOS 6, but only version 2.0.64 for CentOS 5. Cent OS 5 has the normal Apache packages upgraded to v2.2.23, just not the iworx-special Apache. Will an upgraded httpd-iworx package be made available for CentOS 5?