PCI Compliance Issues
Posted: Fri Jul 10, 2015 6:03 pm
Hi
We are having our servers tested for PCI compliance so that we can be authorized to handle credit card transactions. As a result of the scans, the TSPlus web server fails on a number of issues, and I am wondering whether there are fixes for these issues or settings that I can change.
1) web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1700 (Cross Scripting)
2) POODLE (Won't be an issue if we disable SSL 3.0)
3) SSL encryption of any kind should not be used; instead, only TLS 1.0 or higher
4) Plain text authentication on forms. It needs to enforce https:
5) Need to enforce NLA on port 3389.
Thanks,
Simon