PCI Compliance Issues - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="summary"><strong>SUMMARY</strong></h2> <p>PCI Compliance Issues</p> <h2 data-id="issue"><strong>ISSUE</strong></h2> <p>The following table lists Apache- and SSL-related vulnerabilities that may also show up in a compliance report, along with their resolutions.</p>
<table><tbody>
<tr><td colspan="1" rowspan="1"> <p><strong>Vulnerability</strong></p> </td> <td colspan="1" rowspan="1"> <p><strong>Resolution</strong></p> </td> </tr>
<tr><td colspan="1" rowspan="1"> <p>Apache HTTPD: HTTP Trailers processing bypass (CVE-2013-5704)</p> </td> <td colspan="1" rowspan="1"> <p>This affects systems running mod_cgid. To disable the module, log in to the appliance and run the following commands:</p> <p>sudo a2dismod cgid<br> sudo service apache2 restart</p> <p>If you need assistance accessing the VBA, contact support.</p> </td> </tr>
<tr><td colspan="1" rowspan="1"> <p>Apache HTTPD: mod_status buffer overflow (CVE-2014-0226)</p> </td> <td colspan="1" rowspan="1">Only vulnerable if the system has a public-facing IP (which is not recommended).</td> </tr>
<tr><td colspan="1" rowspan="1"> <p>Apache HTTPD: XSS due to unescaped hostnames (CVE-2012-3499)</p> </td> <td colspan="1" rowspan="1">Only vulnerable if using mod_ldap (UVB does not use this).</td> </tr>
<tr><td colspan="1" rowspan="1">Apache HTTPD: XSS in mod_proxy_balancer (CVE-2012-4558)</td> <td colspan="1" rowspan="1">Only vulnerable if using mod_proxy_balancer (UVB does not use this).</td> </tr>
<tr><td colspan="1" rowspan="1">OpenSSL SSL/TLS MITM vulnerability (CVE-2014-0224)</td> <td colspan="1" rowspan="1"> <p>Upgrade OpenSSL to 1.0.1h.</p> <p>If you need assistance accessing the VBA, contact support.</p> </td> </tr>
<tr><td colspan="1" rowspan="1"> <p>TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)</p> </td> <td colspan="1" rowspan="1">Only vulnerable if the system has a public-facing IP and 10 to the power of 24 active connections.</td> </tr>
<tr><td colspan="1" rowspan="1">Apache HTTPD: insecure LD_LIBRARY_PATH handling (CVE-2012-0883)</td> <td colspan="1" rowspan="1">Vulnerability requires a public IP and root. Root is not enabled on VBA v6.x.</td> </tr>
<tr><td colspan="1" rowspan="1">Apache HTTPD: mod_rewrite log escape filtering (CVE-2013-1862)</td> <td colspan="1" rowspan="1">Only vulnerable if using mod_rewrite with SSL enabled (SSL is not enabled on the VBA by default).</td> </tr>
</tbody></table> </article> </main>
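Several rows above depend only on which Apache modules are loaded and which OpenSSL version is installed, so those conditions can be checked directly. The script below is an added example, not part of the original article or Kaseya's tooling: it assumes the output formats of `apache2ctl -M` and `openssl version`, and its function names and sample input are constructed for illustration. The RC4 and LD_LIBRARY_PATH rows are left out because they depend on network exposure and account configuration rather than on loaded modules.

```shell
#!/bin/sh
# Added example (not Kaseya's code). Input formats assumed: the module list
# printed by `apache2ctl -M` and the string printed by `openssl version`.

# Constructed sample input, not captured from a real appliance.
SAMPLE_MODULES=' core_module (static)
 cgid_module (shared)
 status_module (shared)
 rewrite_module (shared)'
SAMPLE_OPENSSL='OpenSSL 1.0.1f 6 Jan 2014'

# has_module LIST NAME: succeed if NAME_module is in the `-M` style list.
has_module() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*${2}_module[[:space:]]"
}

# openssl_status VERSION_STRING: print upgrade, ok or unknown.
# Only the 1.0.1 branch is judged, because the table names only 1.0.1h.
# Distro packages can backport a fix without changing the letter, so treat
# "upgrade" as a prompt to check the package changelog.
openssl_status() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        1.0.1|1.0.1[a-g]*) echo upgrade ;;
        1.0.1[h-z]*)       echo ok ;;
        *)                 echo unknown ;;
    esac
}

# report LIST VERSION_STRING: print one line per table row that applies.
report() {
    has_module "$1" cgid && echo "CVE-2013-5704: mod_cgid loaded, run a2dismod cgid"
    has_module "$1" status && echo "CVE-2014-0226: mod_status loaded, confirm no public-facing IP"
    has_module "$1" ldap && echo "CVE-2012-3499: mod_ldap loaded"
    has_module "$1" proxy_balancer && echo "CVE-2012-4558: mod_proxy_balancer loaded"
    # Assumption: "SSL enabled" is read here as ssl_module being loaded.
    if has_module "$1" rewrite && has_module "$1" ssl; then
        echo "CVE-2013-1862: mod_rewrite loaded with SSL enabled"
    fi
    [ "$(openssl_status "$2")" = upgrade ] && echo "CVE-2014-0224: OpenSSL older than 1.0.1h"
    return 0
}

# Demo on the sample; on a host: report "$(apache2ctl -M 2>/dev/null)" "$(openssl version)"
report "$SAMPLE_MODULES" "$SAMPLE_OPENSSL"
```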