This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in the way PHP converted certain floating point
values from string representation to a number. If a PHP script
evaluated an attacker's input in a numeric context, the PHP
interpreter could cause high CPU usage until the script execution time
limit is reached. This issue only affected i386 systems.
A numeric truncation error and an input validation flaw were found in
the way the PHP utf8_decode() function decoded partial multi-byte
sequences for some multi-byte encodings, sending them to output
without them being escaped. An attacker could use these flaws to
perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)
A NULL pointer dereference flaw was found in the PHP
ZipArchive::getArchiveComment function. If a script used this function
to inspect a specially-crafted ZIP archive file, it could cause the
PHP interpreter to crash. (CVE-2010-3709)
After installing the updated packages, the httpd daemon must be
restarted for the update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8