PCI Compliance Fail - Ports 2083, 2087 and 2096

I get errors in a PCI compliance scan.

"OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities"

This happens on ports 2083, 2087, 2096 but not on 22 and 443.

When I run...

rpm -q --changelog openssl | grep -B 1 CVE-2002-0656

... I get nothing. I get nothing for that and numbers 2000-535, 2001-1141, 2002-0655, 2002-0656, 2002-0657 and 2002-0659

An openssl version check gives me this...

# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Some OS Info
2.6.32-042stab090.3 #1 SMP Fri Jun 6 09:35:21 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux

WHM version 11.44.1

So is this a false positive? Is there something I need to do to fix those ports? I just want to make sure I do this right before I submit a false positive report. I had received a similar warning for bind but I checked and bind comes back as patched so that one is ok.

 

403 Labs was used. Can you recommend another service I can use for verification purposes?

 

I checked ssh but the response included openSSL info.

# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

I believe the server runs CentOS 6.

Here is everything on the openSSL rpm.

# rpm -qi openssl
Name : openssl Relocations: (not relocatable)
Version : 1.0.1e Vendor: CentOS
Release : 16.el6_5.14 Build Date: Thu 05 Jun 2014 08:59:14 AM EDT
Install Date: Fri 06 Jun 2014 12:16:37 AM EDT Build Host: c6b8.bsys.dev.centos.org
Group : System Environment/Libraries Source RPM: openssl-1.0.1e-16.el6_5.14.src.rpm
Size : 4209656 License: OpenSSL
Signature : RSA/SHA1, Thu 05 Jun 2014 09:02:17 AM EDT, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : OpenSSL: The Open Source toolkit for SSL/TLS
Summary : A general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.