This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was found that mod_wsgi did not properly drop privileges if the
call to setuid() failed. If mod_wsgi was set up to allow unprivileged
users to run WSGI applications, a local user able to run a WSGI
application could possibly use this flaw to escalate their privileges
on the system. (CVE-2014-0240)
Note: mod_wsgi is not intended to provide privilege separation for
WSGI applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different
solution with proper privilege separation.
It was discovered that mod_wsgi could leak memory of a hosted web
application via the 'Content-Type' header. A remote attacker could
possibly use this flaw to disclose limited portions of the web
application's memory. (CVE-2014-0242)
See also :
Update the affected mod_wsgi and / or mod_wsgi-debuginfo packages.
Risk factor :
Medium / CVSS Base Score : 6.2
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 76246 ()
CVE ID: CVE-2014-0240CVE-2014-0242
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.