Apache CVE-2008-2168 PCI Compliance

sparek-3

Well-Known Member
Aug 10, 2002
2,113
252
388
cPanel Access Level
Root Administrator
I am running into an issue with our server and a client trying to get PCI clearance.

The PCI scan is saying that the server is affected by the vulnerability outlined by CVE-2008-2168.

However Apache does not believe that this is a vulnerability and they have not fixed it (and reading between the lines, they will never fix it since they don't think it's a web server bug).

The PCI compliance department is not helping at all with this.

How are you suppose to apply a fix for a vulnerability that doesn't exist?

Has anybody else run into this issue?
 

sirdopes

Well-Known Member
PartnerNOC
Sep 25, 2007
141
0
66
What version of apache are you using? It looks like it is just an issue in version less than 2.2.6.