After bringing up an Agent Handler (ePO 4.6.4) in our DMZ, it fails PCI scans with "Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability".
Has anyone had any luck remediating this vulnerability.
Hi drugalmcraven ypu should try to upgrade your ePO server and Agent Handler to patch 6 as it solved some different security issues
Edit: I think it doesn' affect ePO's Apache https://kc.mcafee.com/corporate/index?page=content&id=KB75481
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC