OpenSSL 0.9.8i vulnerable - is Apache https vulnerable too ?

[t35tman <t35tman () gmail com>]

HI,

Hope someone here can help me out with this.

I came across a Apache server (win32) 2.2.10 with mod_ssl/2.2.10
compiled with Openssl 0.9.8.i

The version reported OpenSSL 0.9.8.i is vulnerable and there are newer
version with fixes launched.

However Apache has not released any patches and neither did I see Apache
foundation in the listing of vulnerable devices in
www.securityfocus.com/bid/34256/info

Since the reported version is Openssl 0.9.8.i version (listed as
vulnerable) could this installed version of Apache be vulnerable too?

Any help / guidance is appreciated

Regards

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------