This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200410-21
(Apache 2, mod_ssl: Bypass of SSLCipherSuite directive)
A flaw has been found in mod_ssl where the 'SSLCipherSuite' directive could
be bypassed in certain configurations if it is used in a directory or
location context to restrict the set of allowed cipher suites.
A remote attacker could gain access to a location using any cipher suite
allowed by the server/virtual host configuration, disregarding the
restrictions by 'SSLCipherSuite' for that location.
There is no known workaround at this time.
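A host is only exposed if 'SSLCipherSuite' appears inside a directory or location context, so an audit of the configuration shows which locations relied on the restriction. The script below is an added example, not part of the advisory or the Nessus plugin; the sample configuration is constructed, the function name is hypothetical, and it assumes a single file (it does not follow Include directives or read .htaccess files).

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT
    <Location /admin>
        SSLCipherSuite HIGH:!aNULL
    </Location>
    # SSLCipherSuite LOW
    <Directory "/var/www/private">
        <Files *.cgi>
            SSLCipherSuite HIGH
        </Files>
    </Directory>
</VirtualHost>
"""

# Container sections that Apache treats as per-directory context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def find_per_dir_cipher_suites(conf_text):
    """Return (line_no, innermost_section, cipher_spec) for every
    SSLCipherSuite found inside a per-directory container."""
    stack, hits = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        m = CLOSE.match(line)
        if m:
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "sslciphersuite":
            ctx = [s for s in stack if s[0] in PER_DIR]
            if ctx:  # server/vhost-level directives are not affected
                spec = parts[1] if len(parts) > 1 else ""
                hits.append((no, "%s %s" % ctx[-1], spec))
    return hits

if __name__ == "__main__":
    for hit in find_per_dir_cipher_suites(SAMPLE_CONF):
        print("line %d: <%s> restricts ciphers to %s" % hit)
```

Any location reported here should be treated as reachable with every cipher suite the enclosing server or virtual host allows until the upgrade is applied.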
All Apache 2 users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=www-servers/apache-2.0.52'
# emerge '>=www-servers/apache-2.0.52'
All mod_ssl users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=net-www/mod_ssl-2.8.20'
# emerge '>=net-www/mod_ssl-2.8.20'
Risk factor: High / CVSS Base Score: 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 15545 (gentoo_GLSA-200410-21.nasl)
CVE ID: CVE-2004-0885