Don't want to stir up unneeded paranoia, however, I'd advise, just to be safe, that everyone use rpm --verify on their appropriate webserver binaries/packages...
For Debian/Ubuntu, you can use the debsums command (very nice tool):
For example, to check the integrity of Apache 2.2 on Ubuntu/Debian:
apt-get update && apt-get install debsums
debsums_init --> this updates the md5 db
debsums apache2.2-bin
debsums apache2.2-common
... Every file shows should show "OK". If not, then you should investigate obviously.
For apache, you may want to check more than the above packages, but the above two are minimum check/starting point.
Of course, modify accordingly for nginx/lighttpd etc.