One of our clients is complaining of a PCI compliance issue on their Sitefinity 3.7 site.
Here is the info that the scan is giving us:
3 Syntax Error Occurred port 80/tcp
Scan Results page 17
QID: 150022 CVSS Base: 7.5 PCI Severity:
Category: Web Application CVSS Temporal: 6.8
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Last Update: 01/16/2009
A test payload generated a syntax error within the Web application. This often points to a problem with input validation routines or lack of filters on
A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the Web application.
The Web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content
received from the client (i.e. Web browser) should be validated to an expected format or checked for malicious content.
matched: rors> tag should then have its "mode" attribute set to "Off".
<table width=100% bgcolor="#ffffcc">
<!-- Web.Config Configuration File -->
Any suggestions on how to resolve this?