Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Apache CVE-2008-2168 PCI Compliance

Discussion in 'Security' started by sparek-3, Oct 18, 2011.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,649
    Likes Received:
    73
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    I am running into an issue with our server and a client trying to get PCI clearance.

    The PCI scan is saying that the server is affected by the vulnerability outlined by CVE-2008-2168.

    However Apache does not believe that this is a vulnerability and they have not fixed it (and reading between the lines, they will never fix it since they don't think it's a web server bug).

    The PCI compliance department is not helping at all with this.

    How are you suppose to apply a fix for a vulnerability that doesn't exist?

    Has anybody else run into this issue?
     
  2. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    Joined:
    Sep 25, 2007
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    66
    What version of apache are you using? It looks like it is just an issue in version less than 2.2.6.
     
  3. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    175
    Likes Received:
    9
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Set AddDefaultCharset on httpd.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice