Scientific Linux Security Update : httpd on SL3.x i386/x86_64
Medium Nessus Plugin ID 60221
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available.
A flaw was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)
SolutionUpdate the affected httpd, httpd-devel and / or mod_ssl packages.