Scientific Linux Security Update : httpd on SL3.x i386/x86_64

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus
is enabled this could lead to a cross-site scripting attack. On Red
Hat Enterprise Linux the server-status page is not enabled by default
and it is best practice to not make this publicly available.

A flaw was found in the Apache HTTP Server mod_cache module. On sites
where caching is enabled, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling
that request to crash. This could lead to a denial of service if using
a threaded Multi-Processing Module. (CVE-2007-1863)

See also :

Solution :

Update the affected httpd, httpd-devel and / or mod_ssl packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60221 ()

Bugtraq ID:

CVE ID: CVE-2006-5752