This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been found and corrected in apache (ASF
Various XSS (cross-site scripting vulnerability) flaws due to
unescaped hostnames and URIs HTML output in mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp (CVE-2012-3499).
XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager
Additionally the ASF bug 53219 was resolved which provides a way to
mitigate the CRIME attack vulnerability by disabling TLS-level
compression. Use the new directive SSLCompression on|off to enable or
disable TLS-level compression, by default SSLCompression is turned on.
The updated packages have been upgraded to the latest 2.2.24 version
which is not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true