ISPConfig 3 - PCI Compliance

Discussion in 'General' started by onastvar, Jul 24, 2017.

  1. onastvar

    onastvar Member

    I used http://checkpcidss.com to check if my server is PCI compliant. The server has been created using this tutorial (The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)).

    I have five FAILED statuses, any ideas or tutorials on how to fix them? Thanks!!!

    Port - Service - Description - CVSS Base - CVSS Temporal - PCI Severity - Status

    21 - FTP - FTP server allows plain text authentication - 6.4 - 5.5 - Medium - FAILED
    25 - SMTP - SMTP server uses plain text authentication. It is not secured and it is easy to capture passwords from the network. - 5.0 - 3.6 - Medium - FAILED
    80 - HTTP - Apache/2.4.10 - All Apache servers are vulnerable due to the Partial HTTP Request Denial of Service Vulnerability. This is not fixed in any Apache server. A remote attacker can cause a denial of service against the web server which would prevent legitimate users from accessing the site. Denial of service tools and scripts such as Slowloris take advantage of this vulnerability. There are no vendor-supplied patches available at this time. To prevent this hack you can use a front end proxy like Nginx or lighttpd. - 7.8 - 6.7 - High - FAILED
    110 - POP3 - POP3 server uses plain text authentication. It is not secured and it is easy to capture passwords from the network. - 6.4 - 5.5 - Medium - FAILED
    143 - IMAP - IMAP server uses plain text authentication. It is not secured and it is easy to capture passwords from the network. - 5.0 - 3.6 - Medium - FAILED
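The four "plain text authentication" findings above all come down to one question: does the daemon let a client send a password before the connection has been upgraded to TLS? The script below is an added example, not code from the original post, from the scanner, or from ISPConfig. It checks the cleartext capability replies of SMTP, POP3, IMAP and FTP the way a PCI scanner does, and the sample replies embedded in it are constructed to show what the services typically advertise before and after the usual fixes on a Perfect Server setup (Postfix `smtpd_tls_auth_only = yes`, Dovecot `disable_plaintext_auth = yes`, pure-ftpd `/etc/pure-ftpd/conf/TLS` set to `2`). The hostname `mail.example.org`, the `probe`/`audit` helper names and the exact wording of the pure-ftpd refusal are assumptions for illustration.

```python
"""Check whether mail/FTP daemons still accept plaintext authentication before TLS.

Each ``*_plaintext_auth_exposed`` function takes the text a server sends in the
clear (before STARTTLS / STLS / AUTH TLS) and returns True when a client could
send its password unencrypted.  ``probe``/``audit`` fetch those replies from a
live host; the constants below are constructed samples, not captured data.
"""
import re
import socket
import sys


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def smtp_plaintext_auth_exposed(ehlo_reply):
    """EHLO reply on port 25: exposed if any AUTH capability is advertised before
    STARTTLS.  Postfix hides AUTH until TLS is up with smtpd_tls_auth_only = yes."""
    caps = [ln[4:].upper() for ln in _lines(ehlo_reply) if ln.startswith("250")]
    return any(c == "AUTH" or c.startswith(("AUTH ", "AUTH=")) for c in caps)


def imap_plaintext_auth_exposed(capability_reply):
    """CAPABILITY reply on port 143: exposed unless LOGINDISABLED is advertised and
    no AUTH= mechanism is offered before STARTTLS (Dovecot disable_plaintext_auth)."""
    tokens = re.findall(r"[A-Z0-9][A-Z0-9=+.\-]*", capability_reply.upper())
    offers_sasl = any(t.startswith("AUTH=") for t in tokens)
    return offers_sasl or "LOGINDISABLED" not in tokens


def pop3_plaintext_auth_exposed(capa_reply):
    """CAPA reply on port 110: exposed if USER/PASS or a SASL PLAIN/LOGIN mechanism
    is offered before STLS."""
    caps = [ln.upper() for ln in _lines(capa_reply) if ln != "." and not ln.startswith("+OK")]
    mechs = {m for ln in caps if ln.startswith("SASL") for m in ln.split()[1:]}
    return "USER" in caps or bool(mechs & {"PLAIN", "LOGIN"})


def ftp_plaintext_auth_exposed(user_reply):
    """Reply to 'USER x' on the unencrypted control channel: 331/230 means the
    password would be accepted in the clear; a 5xx means TLS is required first
    (pure-ftpd with TLS mode 2 refuses cleartext sessions)."""
    return user_reply.strip()[:3] in ("331", "230")


# Constructed sample replies (assumption: typical output, not captured from any real server).
SMTP_BEFORE = "250-mail.example.org\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 DSN\r\n"
SMTP_AFTER = "250-mail.example.org\r\n250-STARTTLS\r\n250 DSN\r\n"  # smtpd_tls_auth_only = yes
IMAP_BEFORE = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN\r\n"
IMAP_AFTER = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"  # disable_plaintext_auth = yes
POP3_BEFORE = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
POP3_AFTER = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"
FTP_BEFORE = "331 User anonymous OK. Password required\r\n"
FTP_AFTER = "530 Sorry, cleartext sessions are not accepted on this server.\r\n"  # TLS=2 (wording assumed)

# port, command to send after the banner, and the checker for its reply
CHECKS = {
    "smtp": (25, "EHLO scanner.example", smtp_plaintext_auth_exposed),
    "pop3": (110, "CAPA", pop3_plaintext_auth_exposed),
    "imap": (143, "a1 CAPABILITY", imap_plaintext_auth_exposed),
    "ftp": (21, "USER anonymous", ftp_plaintext_auth_exposed),
}


def probe(host, port, command, timeout=5.0):
    """Read the cleartext banner, send one command, return its reply (no TLS ever negotiated)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        s.recv(4096)  # banner
        s.sendall(command.encode("ascii") + b"\r\n")
        return s.recv(4096).decode("ascii", errors="replace")


def audit(host):
    """Map service name -> True (exposed) / False (ok) / error string for a live host."""
    results = {}
    for name, (port, cmd, check) in CHECKS.items():
        try:
            results[name] = check(probe(host, port, cmd))
        except OSError as exc:
            results[name] = "unreachable: %s" % exc
    return results


if __name__ == "__main__":
    for svc, state in audit(sys.argv[1]).items():
        verdict = {True: "FAILED (plaintext auth before TLS)", False: "ok"}.get(state, state)
        print("%-5s %s" % (svc, verdict))
```

Run it as `python3 check_plaintext_auth.py mail.example.org` against the host the scanner tested, fix the three config settings named above, restart postfix, dovecot and pure-ftpd-mysql, and run it again before paying for a re-scan. Note that it only covers the four plaintext-auth findings; the Slowloris item on port 80 is a separate matter, and Apache 2.4 already ships the mod_reqtimeout module (enabled by default in Debian's apache2 package with a `RequestReadTimeout` directive) that bounds how long a client may dribble a request in.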