Scientific Linux Security Update : httpd on SL4.x, SL5.x, SL6.x i386/x86_64
High Nessus Plugin ID 61126
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThe Apache HTTP Server is a popular web server.
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header. (CVE-2011-3192)
All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
SolutionUpdate the affected packages.