On 2016-Sep-21 14:45, Eero Volotinen wrote:
https://pci.qualys.com/static/help/merchant/questionnaires/compensating_cont...
Eero
Well, I was hoping to get some ideas for compensating controls in this case. Anyhow, I just added mb_strcut() to disable_functions. I'll be able to live without it.
2016-09-21 14:02 GMT+03:00 Прокси proxy-one@mail.ru:
Hello,
My server with CentOS 6.8 just failed a PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 has multiple vulnerabilities; some of them are fixed/patched or have some kind of workaround. But I can't find a way to fix this one. Red Hat states: under investigation.
https://access.redhat.com/security/cve/cve-2016-4073
This CVE is 6 months old, and it doesn't look like it will be fixed. Does anyone know a way to get around this, except blocking the mb_strcut() function?
Thanks!
_______________________________________________
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos