Kihaguru Gathura [pqscr...@gmail.com] wrote: > Hi, > > The message below refers. Has httpd met the particular requirement > 6.5.1 - 6.5.10 as shown? or is it a matter of further configuration. > > "Requirement 6.5 > Fingerprinted versions of web software used on the website may contain > publicly known vulnerabilities (cf. PCI DSS 6.5.1-6.5.10). Investigate > as soon as possible. > Misconfiguration or weakness" >
I have no idea what 6.5.1 - 6.5.10 of PCI DSS means because I don't even know where to find what is says. Your message suggests that there may or may not be a vulnerability, based on version numbers or other information obtained by this compliance scanner. Since nobody except you knows what software is running here, I'm not sure what to tell you. I don't think httpd itself has any known vulnerabilities, especially in a mostly default configuration. It's easy to introduce vulnerabilities. Chris
