Welcome to the OmniMagnet Support

 

PCI Compliance - BEAST Vulnerability Dispute

Read this article if a BEAST vulnerability appears in your PCI scan...

A BEAST vulnerability requires certain conditions in order to be a real risk. The conditions are described in detail in Red Hat's entry for CVE-2011-3389. The important part is that our servers use none of them, which means that this vulnerability does not apply.

Unfortunately, the PCI scanners (Trustwave, ScanAlert, McAfee, etc.) don't know that. So you, as the merchant account holder, need to let them know by submitting a dispute against your scan.

So, if your PCI scan failed due to a BEAST vulnerability, you need to submit a dispute to the scanning authority that states the following:

For the BEAST vulnerability to be legitimate, the server must have the conditions described in Red Hat's entry for CVE-2011-3389 (see https://access.redhat.com/security/cve/CVE-2011-3389 ). None of these are used in our website. Therefore, this is a false positive which does NOT apply to our website. Please notate our account accordingly so that we do not have to go through this in future scans.


Thank you in advance.






© Copyright OmniMagnet, LLC, ALL RIGHTS RESERVED.