This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Some JSPs within the 'examples' web application did not escape
user-provided data. If the JSP examples were accessible, this flaw could
allow a remote attacker to perform cross-site scripting attacks
Note: it is recommended the 'examples' web application not be
installed on a production system.
The Manager and Host Manager web applications did not escape
user-provided data. If a user is logged in to the Manager or Host Manager
web application, an attacker could perform a cross-site scripting
Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting
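
The multiple Content-Length issue described above is something a front end can check for before a request reaches Tomcat. The following is an added example, not part of the advisory or of Tomcat: the function names, the `SAMPLES` request heads and the host `example.test` are constructed for illustration.

```python
# Added example (not from the advisory): classify Content-Length framing
# in a raw HTTP request head so ambiguous requests can be rejected or logged.
SAMPLES = {  # constructed request heads, for illustration only
    "single": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 5\r\n\r\nhello",
    "conflict": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello",
    "duplicate": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 5\r\ncontent-length: 5\r\n\r\nhello",
    "list": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 5, 7\r\n\r\nhello",
    "invalid": b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length: +5\r\n\r\nhello",
    "none": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def content_length_values(raw_head: bytes) -> list:
    """Return every Content-Length value in the request head, in order."""
    values = []
    lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            # One header line may itself carry a comma-separated list.
            values.extend(v.strip() for v in value.split(b","))
    return values


def check_framing(raw_head: bytes) -> str:
    """Return 'ok', 'duplicate' (same value repeated), 'conflict'
    (differing values) or 'invalid' (a value that is not ASCII digits)."""
    values = content_length_values(raw_head)
    if any(not v.isdigit() for v in values):  # bytes.isdigit() is ASCII-only
        return "invalid"
    if len(values) <= 1:
        return "ok"
    return "duplicate" if len({int(v) for v in values}) == 1 else "conflict"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {check_framing(raw)}")
```

A strict policy rejects every result other than `ok`, so that a cache, a firewall and the servlet container can never disagree about where the request body ends.
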
Tomcat permitted various characters as path delimiters. If Tomcat was
used behind certain proxies and configured to only proxy some
contexts, an attacker could construct an HTTP request to work around
the context restriction and potentially access non-proxied content.
The implicit-objects.jsp file distributed in the examples webapp
displayed a number of unfiltered header values. If the JSP examples
were accessible, this flaw could allow a remote attacker to perform
cross-site scripting attacks. (CVE-2006-7195)
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0