troubleshooting Question

Why is a PCI Compliance Scan detecting phantom shopadmin.asp and DCShop CGI on Plesk Panel's port?

Avatar of leehanken
leehankenFlag for United Kingdom of Great Britain and Northern Ireland asked on
VulnerabilitiesWeb ServersLinux Security
2 Comments1 Solution2043 ViewsLast Modified:
We are using Security Metrics scan to determine PCI compliance on our website, and it is coming up with the following two results.

TCP      8443      pcsync-https      7       We detected a vulnerable version of the DCShop CGI. This version does not properly protect user and credit card information. It is possible to access files that contain administrative passwords, [More]

TCP      8443      pcsync-https      4       'shopadmin.asp' is installed. Some versions of this script are vulnerable to SQL injection. Solution: Move to a different directory or use a different shopping cart. From VP-ASP 3.0 and higher set the following in shop\$config.asp const xAdminPage=youradminpagename.asp const xShowAdmin=No bugtraq id: 4861 Risk Factor: Medium BID : 4861

The trouble is the only thing running on port 8443 is Parallels Plesk Panel 10 for Linux, we do not even host either of the mentioned shopping carts. How can the scan be detecting something that is not even there?
Michael Worsham
Cloud/Infrastructure Solutions Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros