Forum: PowerTCP WebServer for ActiveX
Topic: Dart webserver reported as non-PCI compliant
chris@digitalinsights.com

From: San Clemente, CA USA
Posts: 73
Member Since: 11/03/03
posted September 4, 2008 6:36 PM

Below is the error report we get back from a scanner that reports on PCI compliance. Is there a newer version that covers this or is there a way to deal with this?

Thanks

===============================================
Here is the information provided to us from a 3rd party PCI-DSS Approved Scanning Vendor for a level 3 merchant. Their company name is Trustwave:

Preview Scan : Vulnerabilities By Device Jun 22, 2008

Confidential Information

Severity: Medium

Score: PCI 4.60

Port: tcp/82

Vulnerability:

FrontPage Authoring

The FrontPage extensions on this web server appear to allow remote authoring without authentication. This could allow anyone to make unauthorized modifications to your web site.

Service: Dart WebServer Tool/1.0

CVE: CVE-1999-0508

NVD: CVE-1999-0508

Reference: http://office.microsoft.com/en-us/ork2000/HA011381221033.aspx

CVSSv2: AV:L/AC:L/Au:N/C:P/I:P/A:P (Base Score:4.60)

Remediation Action:

Only authorized personnel should be allowed to change the content of your web server. Reconfigure your web server to require authentication whenever the remote authoring capabilities of FrontPage are used.

K M Drake



From: Utica, NY USA
Posts: 3406
Member Since: 07/14/00
posted September 24, 2008 9:41 AM

Hi,
Sorry, I do not know much about this.

The scanner must think that Front Page extensions can be used to author your site hosted by the WebServer control.
I assume this is based on the reply it sends to the scanner in response to its test.

But it might also be confused if IIS is installed on the host.
Do you know if IIS is installed on this machine?

Do you know anything else about the scan process, and is it something you can test yourself?

-ken
chris@digitalinsights.com

From: San Clemente, CA USA
Posts: 73
Member Since: 11/03/03
posted September 24, 2008 6:13 PM

Here is the information about the frontpage authoring that seems to be causing the scan to produce this error:

http://office.microsoft.com/en-us/ork2000/HA011381221033.aspx

What do you think?