PCI
How to configure Microsoft IIS to not accept SSLv2 connections
Jun 30th
Had this pop up on a PCI scan on one of the Windows servers I look after with a Plesk control panel. The report was moaning about SSLv2 being enabled; below is the actual report.
PCI Scan – Plesk PHP easter egg issue
Jun 25th
If your PCI scan reports the following:
Port: 8443
Synopsis: The configuration of PHP on the remote host allows disclosure of sensitive information.
PCI Compliance Expect Header Cross-Site Scripting Vulnerability (8443, plesk)
Feb 22nd
PCI compliance Expect Header Cross-Site Scripting Vulnerability
If you get the following warning in a PCI scan:
Security warning found on port/service "pcsync-https (8443/tcp)"
Plugin "Expect Header Cross-Site Scripting Vulnerability"
Category "CGI abuses : XSS "
Priority "Medium Priority "
Synopsis : The remote web server is vulnerable to a cross-site scripting attack.
Description : The remote web server fails to sanitize the contents of an 'Expect' request header before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially-crafted ShockWave (SWF) files