Author

Topic: CampBX Security Bug Update (Read 984 times)

sr. member
Activity: 431
Merit: 251
March 04, 2012, 06:49:24 PM
#2
Ha, nice.  Having this same issue right now with an e-comm site that I manage.  As you mentioned, seems red hat backports security fixes but doesn't change the version number.

Would think that with red hat being as popular as it is that McCaffee would handle this in their scanner, but no.
sr. member
Activity: 299
Merit: 250
March 04, 2012, 06:08:44 PM
#1
Hi all,
       The PCI security scan on CampBX identified a Linux/SSL-related vulnerability on our new server earlier this week.  This has caused us to lose the "PCI Compliant" status + logo temporarily.

After extensive testing our server administrators confirmed on Wednesday that this issue is a false positive.  The bug had been patched a long time ago but the version number was not updated, which caused the security scanner to throw a false positive.  Today McAfee's security team has verified and accepted our findings.  

It will take a couple of days to get the PCI certified status back, but we have been fully compliant and secure all along.

Thank you,
      Keyur

Jump to: