This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities have been discovered and corrected in
It was found that mod_wsgi did not properly drop privileges if the
call to setuid() failed. If mod_wsgi was set up to allow
unprivileged users to run WSGI applications, a local user able to run
a WSGI application could possibly use this flaw to escalate their
privileges on the system (CVE-2014-0240).
It was discovered that mod_wsgi could leak memory of a hosted web
application via the Content-Type header. A remote attacker could
possibly use this flaw to disclose limited portions of the web
application's memory (CVE-2014-0242).
The updated packages have been patched to correct these issues.
Update the affected apache-mod_wsgi package.
Risk factor :
Medium / CVSS Base Score : 6.2
CVSS Temporal Score : 5.4
Public Exploit Available : true