Merci pour ta réponse
Oui je suis bien en version Sarge.
Apparament deja dans le changelog de la version 2.0.55 il y a plusieurs correction de faille :
[quote]Changes with Apache 2.0.55
*) SECURITY: CVE-2005-2700 (cve.mitre.org)
mod_ssl: Fix a security issue where “SSLVerifyClient” was not
enforced in per-location context if "SSLVerifyClient optional"
was configured in the vhost configuration. [Joe Orton]
*) SECURITY: CVE-2005-2970 (cve.mitre.org)
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances. [Greg Ames]
*) SECURITY: CVE-2005-2491 (cve.mitre.org):
Fix integer overflows in PCRE in quantifier parsing which could
be triggered by a local user through use of a carefully-crafted
regex in an .htaccess file. [Philip Hazel]
*) SECURITY: CVE-2005-2088 (cve.mitre.org)
proxy: Correctly handle the Transfer-Encoding and Content-Length
headers. Discard the request Content-Length whenever T-E: chunked
is used, always passing one of either C-L or T-E: chunked whenever
the request includes a request body. Resolves an entire class of
proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
*) SECURITY: CVE-2005-2728 (cve.mitre.org)
Fix cases where the byterange filter would buffer responses
into memory. PR 29962. [Joe Orton]
*) SECURITY: CVE-2005-2088 (cve.mitre.org)
core: If a request contains both Transfer-Encoding and Content-Length
headers, remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
*) SECURITY: CVE-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information
at “LogLevel debug” which could be triggered if configured
to use a “malicious” CRL. PR 35081. [Marc Stern ]
[/quote]
Il y en a même pas mal