A PCI scan of my web site failed. What should I do?

In some cases, your PCI scan will fail because of a false positive report. The following are known false positives on our shared system:

Web Application Installations: Some scans will conclude that a certain software package, such as Joomla, Kayako eSupport, or PHproxy, is installed on your website. If the report is correct and you or your webmaster have installed the software mentioned, you should contact the vendor or follow the recommended upgrade procedures. On the other hand, if the software does not exist anywhere in your site, then you should notify the security company that their scan produced a false positive.

Specific Vulnerability Reports: Many scan reports will include a "CVE #" along with each claimed vulnerability. Common false positives we've seen include:

If you have further questions about a security company's scan results after reviewing the above, please feel free to create a new ticket.
