[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-09 Thread Vital Koshalew
@seth-arnold, You are talking about a different type of vulnerability scanning that is not part of the Qualys service in question (External vulnerability scan, "black box" scan methodology). PCI DSS also mandates regular internal scans and penetration tests. Qualys, as well as other vendors provid

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-08 Thread Vital Koshalew
@Seth Arnold, Qualys automated vulnerability scanner is not supposed to do any penetration testing, including vulnerability exploitation attempts, as it is run unattended so must not create any risks of DoS. Trying to exploit some vulnerabilities can jeopardize production systems. This way, such no

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-08 Thread Vital Koshalew
@root (mysky), You don't need any scripts. Referring to a vendor's documentation (https://usn.ubuntu.com/3809-1/ in this case) is usually enough. See also: https://pci.qualys.com/static/help/merchant/false_positives/submit_false_positive_requests.htm

[Touch-packages] [Bug 1794629] Re: CVE-2018-15473 - User enumeration vulnerability

2019-04-05 Thread Vital Koshalew
@root (mysky), Qualys is slow to fix their detection algorithm. You just need to provide them with a False Positive report citing the vendor documentation (https://usn.ubuntu.com/3809-1/). Faking the software version is the last thing someone should do to be PCI DSS compliant.

[Touch-packages] [Bug 1732172] Re: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04

2018-01-10 Thread Vital Koshalew
Is there a way to review CVE-2016-10009 priority in Ubuntu? According to https://www.cvedetails.com/cve/CVE-2016-10009/ it has a CVSS Score of 7.5 (High) and is easily exploitable. It is a remote code execution vulnerability in one of the components (openssh server) that are commonly exposed to outs