Scientific Linux Security Update : httpd on SL4.x, SL5.x, SL6.x i386/x86_64

High Nessus Plugin ID 61126


The remote Scientific Linux host is missing one or more security updates.


The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 61126

File Name: sl_20110831_httpd_on_SL4_x.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2015/01/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/08/31

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-3192