This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A cross-site scripting vulnerability was discovered in mod_ssl by Joe
Orton. This only affects servers using a combination of wildcard DNS
and 'UseCanonicalName off' (which is not the default in Mandrake
Linux). With this setting turned off, Apache will attempt to use the
hostname:port that the client supplies, which is where the problem
comes into play. With this setting turned on (the default), Apache
constructs a self-referencing URL and will use ServerName and Port to
form the canonical name.
It is recommended that all users upgrade, regardless of the setting of
the 'UseCanonicalName' configuration option.
Update the affected mod_ssl package.
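
The configuration condition described above can be checked on a host with a short audit. This is an added example, not part of the Nessus plugin: the function name, the sample configuration and the hostnames are constructed for illustration. It assumes an unset directive means "on" (the default the advisory states for Mandrake Linux), reads a single file without following Include, and treats a wildcard ServerAlias only as a hint that wildcard DNS may be in use.

```python
import re

# Assumption taken from the advisory text: an unset directive means "on"
# (the stated Mandrake Linux default). Adjust for other builds.
DEFAULT = "on"

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
ServerName www.example.test
UseCanonicalName Off
<VirtualHost *:443>
    ServerName shop.example.test
    ServerAlias *.example.test
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName admin.example.test
    UseCanonicalName On
</VirtualHost>
"""

def audit_use_canonical_name(conf_text):
    """Return [(scope, has_wildcard_alias)] for scopes where the effective
    UseCanonicalName value is 'off'. VirtualHosts inherit the global value."""
    scopes = [{"name": "global", "value": None, "wildcard": False}]
    current = scopes[0]
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments start the line with '#'
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"name": "vhost " + opened.group(1).strip(),
                       "value": None, "wildcard": False}
            scopes.append(current)
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = scopes[0]
        else:
            parts = line.split()
            key = parts[0].lower()
            if key == "usecanonicalname" and len(parts) > 1:
                current["value"] = parts[1].lower()
            elif key == "serveralias" and any("*" in p for p in parts[1:]):
                current["wildcard"] = True
    inherited = scopes[0]["value"] or DEFAULT
    return [(s["name"], s["wildcard"]) for s in scopes
            if (s["value"] or inherited) == "off"]
```

A scope returned with the wildcard flag set matches both conditions the advisory names; any returned scope is still worth reviewing, since wildcard DNS is configured outside Apache.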
Risk factor: High / CVSS Base Score: 7.5
Family: Mandriva Local Security Checks
Nessus Plugin ID: 13972 (mandrake_MDKSA-2002-072.nasl)
CVE ID: CVE-2002-1157