mod_ssl 2.8.xx and PCI

The Mod_ssl 2.8.x issue which is affecting your PCI compliance is a false positive as far as our servers are concerned. We run Apache 2.2.x on our servers which has inbuilt mod_ssl support and the version of mod_ssl is same as what we have for Apache due to this.

The mod_ssl official site is http://www.modssl.org/ and you can see that there is no mod_ssl version available for Apache 2.x or 2.2.x at this time. The mod_ssl 2.8.xx versions are all available for a much older version of Apache (i.e 1.3.xx). You need to file in a false positive report for this issue with your PCI scanning company for this issue.

Was this answer helpful?

 Print this Article

Also Read

It’s a trap! Phishing Scams and Malware

Phishing scams and malware infected sites are some of the many problems that the Abuse &...

What happens to someone abusing system resources?

The offending site will be suspended and the owner will be given an opportunity to fix the...

SQL injection, insertion

SQL injection is an attack where malicious code is passed to an SQL Server for execution. The...

How to handle the Google Attack Page?

When you see the dreaded Google attack site warning, you should immediately submit a...