Your PCI scanning software is broken, it is scanning for software version numbers instead of looking at specific package versions. See: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
For the specific CVE numbers you've mentioned: CVE-2010-0425 is a windows-specific vulnerability, it doesn't apply to Ubuntu CVE-2010-0434 is fixed already, see http://www.ubuntu.com/usn/usn-908-1/ CVE-2010-1452 is fixed already, see http://www.ubuntu.com/usn/usn-1021-1/ CVE-2010-1623 is fixed already, see http://www.ubuntu.com/usn/usn-1021-1/ CVE-2010-2068 is a windows-specific vulnerability, it doesn't apply to Ubuntu CVE-2011-0419 is fixed already, see http://www.ubuntu.com/usn/usn-1134-1/ CVE-2011-1928 is fixed already, see http://www.ubuntu.com/usn/usn-1134-1/ ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-0425 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-0434 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1452 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1623 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2068 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0419 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1928 ** Visibility changed to: Public ** Changed in: apache2 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/827662 Title: PCI Security failure Apache 2.2.14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/827662/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
