The Register: Experts demolish MS anti-Apache FUD
October 12, 2001
"In response to Gartner's recommendation that businesses investigate alternatives to Microsoft's Internet Information Server, the Beast sent its sales staff a crib sheet with the theme: 'all web servers are vulnerable - but some are more vulnerable others,'. Several dozen of you have written to point out that Microsoft's list of vulnerabilities in Apache, PHP and MySQL misses the point."
"... I feel that the only valid mainstream Unix Apache flaw mentioned was Apache Artificially Long Slash Path Directory Listing Vulnerability, which was fixed early this year but was of low severity only exposing additional information. The reminder were due to add-on programs and running on non-mainstream Apache platforms."