3 comments

[ 3.3 ms ] story [ 19.1 ms ] thread
It looks like the author obtained the results using the banners obtained by using a scanning tool. For distributions like Ubuntu LTS or RedHat/CentOS, security fixes are backported to older versions of applications like Apache or PHP. For example RHEL 6 bundles PHP 5.3, but backports relevant security fixes.
The tool used was our own scanner and it differentiates between package versions and 'upstream' versions. So when saying an older PHP version, it is about the upstream version, not the package version. There were many hosters that hadn't installed the latest security releases of e.g. RedHat, but I only included when they were on an unsupported release.
(comment deleted)