PCI Compliance of a VPS. (Low and Medium Vulnerabilities).


Description

Experience Level: Expert
Hi All,

We have a VPS which, after being scanned, is shown as having the following vulnerabilities:
8 x Low and
5 x Medium

I think that some may be false-positives and some are to do with Version Updates and some to do with the SSL configuration.

Here is a list:-

Apache 2.2.x Version Check
SSL Certificate Is Self-Signed
Unencrypted Login Information Disclosure
Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel
Web Application Cross Site Scripting
SSL Cert Mismatch
OpenSSL Multiple Vulnerabilities < 0.9.8d
Potentially Sensitive Persistent Cookie Used By Domain
OpenSSL ASN.1 Error Denial of Service
AutoComplete attribute is missing
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
ICMP Timestamp Request Remote Date Disclosure
Excessive Open Ports Detected

I have an account with McAfee Secure so I can run server scans on demand and send you the full details.


Please quote for resolving the vulnerabilities and passing the McAfee Server Scan.


Thanks

Nick
