Hi, We are trying to validate if Apache 1.3.41 is vulnerable to CVE-2012-0053. Tenant Nessus vulnerability scanner seems to think it's but according to the advisory on Apache website and NIST vulnerability database, only 2.2.0 to 2.2.21 are vulnerable to this. I know Apache 1.3.x is not supported anymore but the security advisories are usually listed as "not fixed" on Apache Security Reports webpage. Also, the advisory doesn't affect Apache 2.0.x
With all this being said, I believe it does not affect 1.3.x but I'm looking for more opinions. Best regards, Yannick Bergeron
