The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache CVE-2008-2168 PCI Compliance

Discussion in 'Security' started by sparek-3, Oct 18, 2011.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I am running into an issue with our server and a client trying to get PCI clearance.

    The PCI scan is saying that the server is affected by the vulnerability outlined by CVE-2008-2168.

    However Apache does not believe that this is a vulnerability and they have not fixed it (and reading between the lines, they will never fix it since they don't think it's a web server bug).

    The PCI compliance department is not helping at all with this.

    How are you suppose to apply a fix for a vulnerability that doesn't exist?

    Has anybody else run into this issue?
     
  2. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    Joined:
    Sep 25, 2007
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    What version of apache are you using? It looks like it is just an issue in version less than 2.2.6.
     
  3. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Set AddDefaultCharset on httpd.conf
     
Loading...

Share This Page