Mike Tancsa
2017-Sep-05 19:15 UTC
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
I have been testing a box against the qualys PCI scanner. For whatever reason, RELENG 10 comes up vulnerable still to CVE-2004-0230 Any idea why this might show as being an issue still ? Is it an issue or just a false positive ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Dan Lukes
2017-Sep-06 15:02 UTC
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
Mike Tancsa wrote:> I have been testing a box against the qualys PCI scanner. For whatever > reason, RELENG 10 comes up vulnerable still to > CVE-2004-0230 > > Any idea why this might show as being an issue still ? Is it an issue or just a false positive ?I can't judge it as I know neither details of particular test nor why Qualys consider it failing. You should contact Qualys for details. All I can tell is - the Commodo's PCI DSS scanner doesn't claim latest 10.3-RELEASE vulnerable to CVE-2004-0230. No specific configuration has been necessary for such result. Dan