Podo Carp wrote:
I recently underwent an audit of my OpenBSD 3.8 systems and the audit report identified CVE-2004-0700 (mod-proxy/mod_ssl format string vulnerability) as a potential risk.
Perhaps your scanner relies on reported versions, rather than actual vulnerabilities?
If I'm reading the vulnerability right, it was fixed here: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c.diff?r1=1.9&r2=1.10&f=h The vuln was disclosed 7/27/2004, but was fixed 6/1/2003.
