This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The following packages have been upgraded to a newer upstream version:
Security Fix(es) :
- An input-validation flaw was discovered in the Go
programming language's built-in CGI implementation, which
set the environment variable 'HTTP_PROXY' using the
incoming 'Proxy' HTTP-request header. The environment
variable 'HTTP_PROXY' is used by numerous web clients,
including Go's net/http package, to specify a proxy
server to use for HTTP and, in some cases, HTTPS
requests. This meant that when a CGI-based web
application ran, an attacker could specify a proxy
server which the application then used for subsequent
outgoing requests, allowing a man-in-the-middle attack.
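
The header-to-environment mapping behind this flaw, and the filter that closes it, as an added example that is not part of the original advisory and not the net/http/cgi source. The helper names `headerToEnv` and `proxyFromEnv` and the placeholder proxy URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// headerToEnv models the CGI convention (RFC 3875) of exporting each request
// header "Foo-Bar" to the child process as the variable HTTP_FOO_BAR.
// Hypothetical helper for illustration; not the net/http/cgi source.
// With dropProxy=false it reproduces the flaw: "Proxy" becomes HTTP_PROXY.
func headerToEnv(h http.Header, dropProxy bool) []string {
	var env []string
	for name, values := range h {
		key := strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		if dropProxy && key == "PROXY" {
			continue // never let a request header define HTTP_PROXY
		}
		env = append(env, "HTTP_"+key+"="+strings.Join(values, ", "))
	}
	sort.Strings(env)
	return env
}

// proxyFromEnv returns the value a web client honouring HTTP_PROXY would use,
// or "" when the variable is not present in env.
func proxyFromEnv(env []string) string {
	for _, kv := range env {
		if strings.HasPrefix(kv, "HTTP_PROXY=") {
			return strings.TrimPrefix(kv, "HTTP_PROXY=")
		}
	}
	return ""
}

func main() {
	// Constructed request headers; proxy.example.invalid is a placeholder.
	h := http.Header{}
	h.Set("User-Agent", "demo")
	h.Set("Proxy", "http://proxy.example.invalid:8080")
	fmt.Println("unfiltered:", proxyFromEnv(headerToEnv(h, false)))
	fmt.Println("filtered:  ", proxyFromEnv(headerToEnv(h, true)))
}
```

The same filter can be applied in front of an unpatched application by stripping the 'Proxy' request header at the web server or reverse proxy before the CGI handler runs.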
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8