This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Slackware host is missing a security update.
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix potential security issues: * If a
request contains both Transfer-Encoding and Content-Length headers,
remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing attacks. * Added TraceEnable [on|off|extended]
per-server directive to alter the behavior of the TRACE method. It's
hard to say how much real-world impact these have, as there's no more
information about that in the announcement. The original Apache
announement can be read here:
http://www.apache.org/dist/httpd/Announcement1.3.html Note that if you
use mod_ssl, you will also need a new mod_ssl package. These have been
provided for the same releases of Slackware.
See also :
Update the affected apache and / or mod_ssl packages.
Risk factor :
Medium / CVSS Base Score : 4.3
Family: Slackware Local Security Checks
Nessus Plugin ID: 20151 ()
CVE ID: CVE-2005-2088
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.