Results 1 to 1 of 1
Nov 19, 2011, 09:48 #1
- Join Date
- Feb 2008
- 0 Post(s)
- 0 Thread(s)
Site was deemed by trustwave not pci compliant ... help!
I am hosted by rackspace, the site is an oscommerce based site with authorize.net as the processor. It makes no sense though because I have other sites that are fine, and I'm sure that there are thousands of sites like mine on the rackspace network. Here is an error in the fail report that they are saying:
There exists a buffer overflow vulnerability in the mod_rewrite module of Apache HTTP Server. The vulnerability is caused by an off-by-one error which occurs during the processing of LDAP URLs. A remote anonymous attacker may exploit this vulnerability to execute arbitrary code in the context of the web server. Apache HTTP Server 1.3 versions from 1.3.28 to 1.3.36, Apache HTTP Server 2.0 versions from 2.0.46 to 2.0.58, and Apache HTTP Server 2.2 versions from 2.2.0 to 2.2.2 are affected.
Has anyone run into this before? Rackspace won't upgrade apache because it is on their 'cloud sites' platform, like most of their other sites. It is important to note that I am running mod_rewrite to rename the pages from something like product.php?id=23904 to product-a.html - I removed this code, re-scanned and it would tell me the same thing.
Any help, GREATLY appreciated.