The Apache Security Team rates the impact of each security flaw
that affects the Apache web server. We've chosen a rating scale quite
similar to those used by other major vendors in order to be
consistent. Basically the goal of the rating system is to answer the
question "How worried should I be about this vulnerability?".
Note that the rating chosen for each flaw is the worst possible
case across all architectures. In the past for example we've had
flaws that have a Critical impact on some BSD architectures, whilst no
real impact on others. To determine the exact impact of a
particular vulnerability on your own systems you will still need to
read the security advisories to find out more about the flaw.
We use the following descriptions
to decide on the impact rating to give each vulnerability: