This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was found that the mod_dav module did not correctly strip leading
whitespace from certain elements in parsed XML. In certain httpd
configurations that use the mod_dav module (for example when using the
mod_dav_svn module), a remote attacker could send a specially crafted
DAV request that would cause the httpd child process to crash or,
possibly, allow the attacker to execute arbitrary code with the
privileges of the 'apache' user. (CVE-2013-6438)
A buffer over-read flaw was found in the httpd mod_log_config module.
In configurations where cookie logging is enabled (on Scientific Linux
it is disabled by default), a remote attacker could use this flaw to
crash the httpd child process via an HTTP request with a malformed
cookie header. (CVE-2014-0098)
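A configuration audit for the two preconditions the advisory names (mod_dav in use, cookie logging enabled), added here as an example and not part of the Tenable plugin. It assumes cookie logging means the mod_log_config `%{name}C` format specifier; the sample configuration and the function names are constructed for illustration.

```python
import re

# %{name}C is mod_log_config's cookie specifier; status-code conditions
# and the < > modifiers may appear between '%' and '{'.
COOKIE_SPEC = re.compile(r"%[!<>\d,]*\{[^}]*\}C")

# Constructed httpd.conf fragment (not taken from any real host).
SAMPLE = r'''
# access logging
LoadModule dav_module modules/mod_dav.so
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %t \"%r\" %>s \
    sid=%{JSESSIONID}C" session
CustomLog logs/access_log common
#CustomLog logs/cookie_log "%{session}C"
<Location /svn>
    DAV svn
</Location>
<Location /files>
    Dav Off
</Location>
'''

def logical_lines(text):
    """Yield (first_lineno, directive), skipping comments and joining '\\' continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def audit(text):
    """Return line numbers of directives matching each advisory precondition."""
    hits = {"cookie_logging": [], "dav_enabled": []}
    for n, line in logical_lines(text):
        name, args = (line.split(None, 1) + [""])[:2]
        name, args = name.lower(), args.strip()
        if name in ("logformat", "customlog") and COOKIE_SPEC.search(args):
            hits["cookie_logging"].append(n)   # CVE-2014-0098 precondition
        elif name == "dav" and args.lower() != "off":
            hits["dav_enabled"].append(n)      # CVE-2013-6438 precondition
    return hits

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The result only shows which preconditions apply to a configuration; whether the host is fixed still depends on the installed httpd package version.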
After installing the updated packages, the httpd daemon will be
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 73369
CVE ID: CVE-2013-6438, CVE-2014-0098