Global Payment Vulnerability Scan - Failed, Need support

Hudson F. shared this question 10 hours ago

I just received our first failed vulnerability scan and am not sure how to remedy it, as nothing has been changed recently. Here are the vulnerabilities:

TCP Sequence Number Approximation Based Denial of Service

SSL Certificate - Invalid Maximum Validity Date Detected

SSL Certificate - Improper Usage Vulnerability

OpenSSH Expected Behavior Violation Vulnerability (CVE-2025-32728)

SSL Certificate - Signature Verification Failed Vulnerability

SSL Certificate - Subject Common Name Does Not Match Server FQDN

SHA1 deprecated setting for SSH

SSL Certificate - Self-Signed Certificate

SHA1 deprecated setting for SSH


Any help would be greatly appreciated!

Comments (2)


You can respond with this:


The SSL certificate for the actual website is correctly installed and valid.

The scanner appears to have tested the server's IP address directly (https://<IP>), which is not a valid way to access the website and is not how users or clients reach the service.

Because public Certificate Authorities do not issue certificates for raw IP addresses, it's not possible to present a valid SSL certificate for the IP.

This finding does not represent a security risk, since the IP address is not intended to serve content directly and is not part of the production hostname configuration.


Please treat this finding as a false positive or informational item.


I did False Positive on all the items above and was sent back a request for more details on:

General remote services | SSL Certificate - Invalid Maximum Validity Date Detected | 443 / tcp over ssl | 209.250.2.114 | Requires Details
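
The certificate findings in the question (validity period, self-signed, name mismatch) can be checked against a PEM file with OpenSSL, once for the hostname and once for the IP the scanner reported. This is an added example, not part of the thread: the function names, the sample certificate, `shop.example.test` and `203.0.113.10` are constructed, and the 398-day default is an assumed threshold because the scanner's own limit is not stated here.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ and GNU date.

# Total validity period in whole days (notAfter minus notBefore).
cert_validity_days() {
  local nb na
  nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  echo $(( ($(date -u -d "$na" +%s) - $(date -u -d "$nb" +%s)) / 86400 ))
}

# Subject and issuer names hash to the same value: the cert names itself as issuer.
cert_is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Does the cert cover the name the client connected to ($2: DNS name or IPv4)?
cert_matches_name() {
  local flag=-checkhost
  case "$2" in *[!0-9.]*) ;; *) flag=-checkip ;; esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# Print one line per finding. $3 = max validity in days (398 is an assumption).
triage_cert() {
  local max=${3:-398} days
  days=$(cert_validity_days "$1")
  [ "$days" -gt "$max" ] && echo "validity ${days}d exceeds ${max}d"
  cert_is_self_signed "$1" && echo "self-signed (subject == issuer)"
  cert_matches_name "$1" "$2" || echo "certificate does not cover $2"
  return 0
}

# Constructed sample: a 10-year self-signed cert for a made-up hostname.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=shop.example.test" \
    -addext "subjectAltName=DNS:shop.example.test" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/cert.pem"
echo "--- checked against hostname ---"; triage_cert "$demo_dir/cert.pem" shop.example.test
echo "--- checked against IP ---";       triage_cert "$demo_dir/cert.pem" 203.0.113.10
rm -rf "$demo_dir"
```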