  1. #1
    Member
    Join Date
    Mar 2004
    Location
    UK
    Posts
    36

    PCI Compliance Issue

    Hello,

    We've been trying to get a number of servers PCI compliant, and have managed to fix everything except for one error ( it appears twice once on port 443 and once on port 80 ).

    I have tried using every version of Apache that EasyApache offers, but always get the same error.

    Has anyone else found a fix for this ?

    Synopsis : The remote web server is prone to cross-site scripting attacks.
    Description : The remote host is running a web server that fails to adequately sanitize request strings of malicious Javascript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
    Solution: Contact the vendor for a patch or upgrade.
    Risk Factor: Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
    CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
    BID : 5305, 7344, 7353, 8037, 14473, 17408
    Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469

  2. #2
    Member
    Join Date
    Jan 2005
    Location
    /dev/null
    Posts
    770


    That looks like there are vulnerable scripts on the site you are checking, as opposed to the Apache configuration. I would check over the site you are testing before changing anything else.
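To make the distinction in the reply above concrete: the scanner's finding is about request strings being reflected back into HTML by the application, which no Apache or EasyApache setting changes. The following is an added illustration written for this thread, not code from the forum, cPanel or the scanning vendor. It uses a constructed query string (`SAMPLE_QUERY`) and two hypothetical page handlers: one that echoes a parameter verbatim (the pattern the scanner reports) and one that escapes it, plus a small check a site owner can run on a page's output to confirm the fix before re-scanning.

```python
import html
from urllib.parse import parse_qs

# Constructed sample request string standing in for the kind of value a PCI
# scanner submits: a search parameter that carries HTML markup. Not from the thread.
SAMPLE_QUERY = "q=%3Cb%3Ehello%3C%2Fb%3E"   # decodes to q=<b>hello</b>


def _param(query_string: str, name: str) -> str:
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(query_string).get(name, [""])[0]


def render_search_vulnerable(query_string: str) -> str:
    """Hypothetical page that reflects the request parameter into HTML verbatim.

    This is the application-level defect the scanner describes: whatever the
    client sends in 'q' lands in the document as live markup.
    """
    q = _param(query_string, "q")
    return f"<p>Results for: {q}</p>"


def render_search_hardened(query_string: str) -> str:
    """Same page with the untrusted value HTML-escaped before it reaches the body.

    quote=True also escapes quotes so the value is safe inside attribute values.
    """
    q = _param(query_string, "q")
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def reflects_markup(page: str, raw_value: str) -> bool:
    """Defender-side check: does the raw, unescaped value appear in the output?

    Run this against a page's response for a known marker value; a True result
    means the finding will still appear on the next scan.
    """
    return raw_value in page


if __name__ == "__main__":
    marker = "<b>hello</b>"
    for label, render in (("vulnerable", render_search_vulnerable),
                          ("hardened", render_search_hardened)):
        page = render(SAMPLE_QUERY)
        print(f"{label:10s} reflects raw markup: {reflects_markup(page, marker)}")
        print("           ", page)
```

The check is deliberately narrow: it only tells you whether one known value comes back unescaped, which is enough to verify a fix on the specific form the scan report names. Escaping at output is the fix; changing Apache versions leaves both handlers behaving exactly as shown.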

  3. #3
    Member tkerns's Avatar
    Join Date
    Jun 2007
    Posts
    33


    Depending on the PCI scanning company you use, many will tell you exactly what page/form they discovered the cross-site scripting vulnerability in.

  4. #4
    Member
    Join Date
    May 2007
    Posts
    78


    Does your PCI tester also suggest an Apache upgrade to Apache2, citing 1.3x unstable? (Mine did)

    And yet the management company I previously used states Apache2 isn't stable with cPanel just yet (is there any truth to this, or just paranoia)?
    I'm going to guess it's just paranoia, as it looks as though cpanel.net is on 2.0.63.

    Nevertheless, I'm curious as to why my PCI test claims so many holes in 1.3.41 due to mostly OpenSSL and such.

  5. #5
    Member
    Join Date
    Jan 2005
    Location
    /dev/null
    Posts
    770


    Quote: And yet the management company I previously used states Apache2 isn't stable with cPanel just yet (is there any truth to this, or just paranoia)?
    Pure BS. Apache 2 support in cPanel is stable, and has been for a long time.
