The PCI Security Standards Council has highly advised approved scanning vendors (ASV) to not consider this vulnerability when determining compliance of the ASV scan results, while some may report DoS vulnerabilities as relatively high risks. Loss of network availability from an attack such as DoS would not expose cardholder data to the risk of being compromised, so the vulnerability would not be relevant to a company’s compliance with the PCI DSS.
Would an identified Denial of Service (DoS) vulnerability affect my PCI Compliance Scan?
By Rhymetec