QUESTION
I just received a report from a PCI vendor for my server and there are several failures listed. What can I do?
ANSWER
First, don't panic. These failures are common, and many times they are false positives. Below are several articles we have created that can help you either properly configure your server or file a false-positive claim with the PCI vendor in question.
PCI Failure Report On CVE Vulnerabilities
PCI Failure Insecure Configuration of Cookie Attributes
PCI Failure Mail Server Accepts Plaintext Credentials
PCI Failure Weak SSH Hashing and Weak Key Exchange Algorithms Supported
PCI - Failure Report On Exim Vulnerabilities
PCI - Failure Exim CVE-2021-38371 STARTTLS