This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote SuSE 11 host is missing one or more security updates.
This collective update for Apache provides the following fixes :
- Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN).
- Close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status.
- Reset the renegotiation status of a client<->server connection to RENEG_INIT to prevent falsely assumed
- 'OPTIONS *' internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses 'OPTIONS *' to upgrade the connection to TLS/1.0 following RFC 2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. (bnc#791794)
- Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. (bnc#829056,
- Client data written to the RewriteLog must have terminal escape sequences escaped. (bnc#829057, CVE-2013-1862)
Apply SAT patch number 8137 / 8138 as appropriate.
Risk factor : Medium / CVSS Base Score : 5.1