We are using Security Metrics scan to determine PCI compliance on our website, and it is coming up with the following two results.
TCP 8443 pcsync-https 7 We detected a vulnerable version of the DCShop CGI. This version does not properly protect user and credit card information. It is possible to access files that contain administrative passwords, [More]
TCP 8443 pcsync-https 4 'shopadmin.asp' is installed. Some versions of this script are vulnerable to SQL injection. Solution: Move to a different directory or use a different shopping cart. From VP-ASP 3.0 and higher set the following in shop\$config.asp const xAdminPage=youradminpagename.asp const xShowAdmin=No bugtraq id: 4861 Risk Factor: Medium BID : 4861
The trouble is the only thing running on port 8443 is Parallels Plesk Panel 10 for Linux, we do not even host either of the mentioned shopping carts. How can the scan be detecting something that is not even there?