One of our Nop sites is suddenly failing PCI DSS compliance. Can anyone help with these issues?

Title: ZixForum database accessible over web (ZixForum.mdb)
Impact: Attackers may access (read or destroy) application information, and in worst cases may take administrative control of the application.
Data Sent:
    GET /filenotfound.htm?aspxerrorpath=/cgi-bin/ZixForum.mdb HTTP/1.0
    Host: inkredible.co.uk
    User-Agent: Mozilla/4.0
    Connection: Keep-alive
    Cookie: Nop.customer=214401fe-0a3b-4f5a-a0a2-d584d8487122
Data Received:
    HTTP/1.1 200 OK
Resolution: Download a fix for [http://www.john.mypc.nu/Zix/] ZixForum when one becomes available, or configure the web server to deny access to ZixForum.mdb files.
Risk Factor: High / CVSS2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Title: NewsTraXer database accessible over web (nTrax.mdb)
Impact: Attackers may access (read or destroy) application information, and in worst cases may take administrative control of the application.
Data Sent:
    GET /filenotfound.htm?aspxerrorpath=/cgi-bin/Dbase/nTrax.mdb HTTP/1.0
    Host: inkredible.co.uk
    User-Agent: Mozilla/4.0
    Connection: Keep-alive
    Cookie: Nop.customer=214401fe-0a3b-4f5a-a0a2-d584d8487122
Data Received:
    HTTP/1.1 200 OK
Resolution: No vendor solution to the NewsTraXer problem was available at the time of this writing. It would be advisable to configure the web server to password protect the Dbase directory if possible, or to remove the software.
Risk Factor: High / CVSS2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Title: News database accessible over web (news.mdb)
Impact: Attackers may access (read or destroy) application information, and in worst cases may take administrative control of the application.
Data Sent:
    GET /filenotfound.htm?aspxerrorpath=/cgi-bin/news.mdb HTTP/1.0
    Host: inkredible.co.uk
    User-Agent: Mozilla/4.0
    Connection: Keep-alive
    Cookie: Nop.customer=214401fe-0a3b-4f5a-a0a2-d584d8487122
Data Received:
    HTTP/1.1 200 OK
Resolution: To secure the Compulsive Media News database, configure the web server to deny access to the news.mdb file.
Risk Factor: High / CVSS2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)