I have a new install of Server 2012R2 and Exchange 2013 (no edge server roll installed and nothing else installed on this machine). We are failing our PCI compliance testing with the following failures:
osCommerce allowscross-site scripting
CVE-2003-1219
server is susceptible toBEAST attack
CVE-2011-3389server is susceptible to SSL POODLE attack
CVE-2014-3566I have disabled the reg key for SSL 3.0 server, and I am still failing the POODLE vuln. Can anyone help me with getting past these issues?