An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization’s servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.
The output from a recent Apache web server scan is shown below:
The team performs some investigation and finds this statement from Apache on 07/02/2008:
“Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39”
Which of the following conditions would require the team to perform remediation on this finding?
A. The organization is running version 2.2.6 and has ExtendedStatus enabled
B. The organization is running version 2.0.59 is not using a public-server-status page
C. The organization is running version 1.3.39 and is using a public-server-status page
D. The organization is running version 2.0.5 and has ExtendedStatus enabled