Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎10-07-2013

PCI DSS Vulnerability on DS 300

Dears

Recently concluded VA  shows that our 2 Fabrics (DS 300 ) which have the following vulnerabilities

57792 (2) - Apache HTTP Server httpOnly Cookie Information Disc

And the Auditor is recommending to upgrade the Apache version to the latest

Would appreciate if somebody could provide their experience or their suggestion In this regard.

Best regards

Super Contributor
Posts: 445
Registered: ‎04-08-2009

Re: PCI DSS Vulnerability on DS 300

What version of FOS are you running ?

Regards,

Mike Eversole
Brocade Community Manager
New Contributor
Posts: 2
Registered: ‎10-07-2013

Re: PCI DSS Vulnerability on DS 300

Hi Mike

Thanks for the reply

The FOS version is 6.1.0j

Thanks

Super Contributor
Posts: 445
Registered: ‎04-08-2009

Re: PCI DSS Vulnerability on DS 300

Hi Muraleedaran.  You are very welcome.  So in handling vulnerability assessments, you have to really educate yourself as, even though a device has been flagged, in many cases, isn't pertinent to the environment.  So the reason I'm mentioning this, I've dealt with hundreds of vulnerability assessments where individuals panic (not implying you are of course) because of the vulnerability reports, but never stopped to really find out if they are truly vulnerable.  Now that being said, here's what I have for you...

Here is a similar thread that asked the same question.  You can review at: 

Now here are the Apache version used in FOS...

FOS version:  6.1.0j          / Apache version used:  1.3.31

FOS version:  6.4 (and up) / Apache version used:  2.0.50

So from v6.4 up to v7.2, Apache 2.0.50 is used.  Let me know if more information is needed.

Regards,

Mike Eversole
Brocade Community Manager

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.