Posts tagged 8443
PCI Scan – Plesk PHP easter egg issue
Jun 25th
If your PCI scan reports the following:
Port: 8443
Synopsis: The configuration of PHP on the remote host allows disclosure of sensitive information.
PCI Compliance Expect Header Cross-Site Scripting Vulnerability (8443, plesk)
Feb 22nd
PCI compliance Expect Header Cross-Site Scripting Vulnerability
If you get the following warning in a PCI scan:
Security warning found on port/service "pcsync-https (8443/tcp)"
Plugin "Expect Header Cross-Site Scripting Vulnerability"
Category "CGI abuses : XSS"
Priority "Medium Priority"
Synopsis: The remote web server is vulnerable to a cross-site scripting attack.
Description: The remote web server fails to sanitize the contents of an 'Expect' request header before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially-crafted ShockWave (SWF) files
PCI Compliance for Plesk (linux)
Dec 23rd
PCI Scanning stands for “Payment Card Industry” scanning. It involves having a PCI ASV (Approved Scanning Vendor) scan any and all IP addresses that the public has access to, related to your website or your site’s transaction process.
The following guide assumes you are working with a Plesk 8.6 (or above) installation on RedHat Enterprise or CentOS Linux. You will need shell / root access to your server running Plesk; if you do not have shell / root access, you will need to ask your server hosts to make the changes.
WARNING: This document does not serve as a comprehensive source for PCI compliance advice. The reader is expected to have some basic systems administration experience. Do not copy and paste examples directly from this document without first understanding their implications.