A nice article written by Alan Hargreaves -as well Principal Field Technologist- to explain, why the version number of the Apache delivered with Solaris 10 doesn’t automatically indicates that it’s vulnerable against the attacks reported against Apache since that version:

Now, that being said you may also note after installation that it still identifies as Apache 2.0.63 and you may have concerns about vulnerabilities addressed in 2.0.64 mentioned on the Apache web site. The way that we maintain Apache on Solaris 10 is not to drop in new releases as they happen, rather we take the fixes mentioned and backport them to our 2.0.63 codebase.

Alan, i hope linking to this article reliefs you from some additional calls about this topic ;)