This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The Apache HTTP Server did not verify that a process was an Apache
child process before sending it signals. A local attacker with the
ability to run scripts on the Apache HTTP Server could manipulate the
scoreboard and cause arbitrary processes to be terminated which could
lead to a denial of service (CVE-2007-3304). This issue is not
exploitable on Scientific Linux 5 if using the default SELinux
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus
is enabled this could lead to a cross-site scripting attack. On
Scientific Linux the server-status page is not enabled by default and
it is best practice to not make this publicly available.
A bug was found in the Apache HTTP Server mod_cache module. On sites
where caching is enabled, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling
that request to crash. This could lead to a denial of service if using
a threaded Multi-Processing Module. (CVE-2007-1863)
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0