This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a
user, who was logged into the manager web interface, into visiting a
specially- crafted URL, it would lead to arbitrary web script
execution in the context of the user's manager interface session.
It was found that mod_rewrite did not filter terminal escape sequences
from its log file. If mod_rewrite was configured with the RewriteLog
directive, a remote attacker could use specially crafted HTTP requests
to inject terminal escape sequences into the mod_rewrite log file. If
a victim viewed the log file with a terminal emulator, it could result
in arbitrary command execution with the privileges of that user.
Cross-site scripting (XSS) flaws were found in the mod_info,
mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they
were able to make the victim's browser generate an HTTP request with a
specially crafted Host header. (CVE-2012-3499)
After installing the updated packages, the httpd daemon will be
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.1
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 66441 ()
CVE ID: CVE-2012-3499CVE-2012-4558CVE-2013-1862
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.