PCI DSS Compliance - Information Leakage

info Nessus Plugin ID 124761

Synopsis

The remote host has been found to be COMPLIANT with the PCI DSS external scanning requirements.

Description

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide (version 4.0). These information leakage issues include one or more of the following :

- Detailed application error messages

- Backup script files (for example,home.asp.bak, index.jsp.old, etc.)

- Include file source code disclosure

- Insecure HTTP methods enabled

- WebDAV or FrontPage extensions enabled

- Default web server files

- Testing and diagnostics pages (for example,phpinfo.html, test-cgi, etc.

Details of the failed items may be found in the 'Output' section of this plugin result.

Solution

Ensure compliance with PCI DSS Approved Scanning Vendors Program Guide (version 4.0)

See Also

https://www.pcisecuritystandards.org

Plugin Details

Severity: Info

ID: 124761

File Name: pci_compliance_info_leakage.nbin

Version: 1.45

Type: summary

Published: 5/10/2019

Updated: 7/17/2024

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: /tmp/PCIDSS/check_for_pci_dss