This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200409-23
(SnipSnap: HTTP response splitting)
SnipSnap contains various HTTP response splitting vulnerabilities that
could potentially compromise the sites data. Some of these attacks
include web cache poisoning, cross-user defacement, hijacking pages
with sensitive user information, and cross-site scripting. This
vulnerability is due to the lack of illegal input checking in the
A malicious user could inject and execute arbitrary script code,
potentially compromising the victim's data or browser.
There is no known workaround at this time.
See also :
All SnipSnap users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=dev-java/snipsnap-bin-1.0_beta1'
# emerge '>=dev-java/snipsnap-bin-1.0beta1'
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14774 (gentoo_GLSA-200409-23.nasl)
CVE ID: CVE-2004-1470