My client is trying to get PCI compliant, but is failing on the error below:
Synopsis : The remote host has an application that is affected by an information disclosure vulnerability. Description : The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to make better attacks against the remote server. Solution: None at this time Risk Factor: Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) Other references : OSVDB:54010
I am running the site on a windows 2008-based virtual private server, so I can configure the server as required. The file sgdynamo.exe is NOT on the server, and CGI is turned off.
The host says the problem is in my classic ASP code, but since I never use CGI or sgdynamo.exe, I havent a clue what to look for.
Do you know what I can do to get around this error and get PCI compliant?