PCI DSS Compliance : Tests Requirements

medium Nessus Plugin ID 33931
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

Nessus is not properly configured for PCI DSS validation.

Description

The scan settings did not fulfill the PCI DSS scan validation requirements. Even if the technical tests passed, this report may be insufficient to certify this server. If you are scanning for PCI / ASV attestation, please contact the Tenable ASV team as soon as possible, as this finding can invalidate your scan.

Solution

If you are scanning for PCI / ASV attestation, please contact the Tenable ASV team as soon as possible, as this finding can invalidate your scan.

See Also

http://www.nessus.org/u?0afcd9a0

http://www.nessus.org/u?870f3331

Plugin Details

Severity: Medium

ID: 33931

File Name: pci_compliance_test_req.nbin

Version: 1.69

Type: summary

Published: 8/7/2008

Updated: 4/20/2021

Dependencies: pci_compliance.nbin, find_ap.nasl, torture_cgi_errors.nasl, torture_cgi_timeout.nasl, web_loadbalancer.nasl, external_svc_ident.nasl

Risk Information

CVSS Score Source: manual

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

Required KB Items: /tmp/PCIDSS/check_for_pci_dss