PCI Compliance Issues - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

PCI Compliance Issues - Connect IT Community | Kaseya

SUMMARY

PCI Compliance Issues

ISSUE

The following table includes Apache and SSL related vulnerabilities that may also show up in a compliance report and resolutions.

Vulnerability	Resolution
Apache HTTPD: HTTP Trailers processing bypass (CVE-2013-5704)	This affects systems running mod_cgid. To disable this, log in to the appliance and use the following commands: sudo a2dismod cgid service apache2 restart If you need assistance accessing the VBA, contact support.
Apache HTTPD: mod_status buffer overflow (CVE-2014-0226)	Only vulnerable if system has public facing IP (which is not recommended).
Apache HTTPD: XSS due to unescaped hostnames (CVE-2012-3499)	Only vulnerable if using mod_ldap (UVB does not use this).
Apahe HTTPD: XSS in mod_proxy_balancer (CVE-2012-4558)	Only vulnerable if using mod_proxy_balancer (UVB does not use this).
OpenSSL SSL/TLS MITM vulnerability (CVE-2014-0224)	Upgrade OpenSSL to 1.0.1h. If you need assistance accessing the VBA, contact support.
TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)	Only vulnerable if public facing ip and 10 to the power of 24 active connections.
Apache HTTPD: insecure LD_LIBRARY_PATH handling (CVE-2012-0883)	Vunerability requires public IP and root. Root is not enabled on VBA v6.x.
Apache HTTPD: mod_rewrite log escape filtering (CVE-2013-1862)	Only vulnerable if using mod_rewrite and SSL enabled (SSL is not enabled on the VBA by default).