PCI Compliance Server 2012 IIS 6.2

Server 2012 with IIS 6.2 and so far I've taken care of all the issues except two for them to be PCI compliant.

Here are the two looming failures.

server is susceptible to BEAST attack 443/tcp
PCI COMPLIANCE STATUS
PCI Severity: MEDIUM
FAIL
VULNERABILITY DETAILS
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Severity: potential
Category: Browser Exploit against SSL TLS
CVE ID: CVE 2011-3389
Bugtraq ID: 49388 49778
OSVDB: 74829
Microsoft references: MS12-006
Vendor references: CERT:TA12-010A CERT-VN:VU#864643 HP:HPSBMU02900
UBUNTU:USN-1263-1 SECTRACK:1026103 SECTRACK:1025997
SECTRACK:1029190 BID:49778 BID:49388 REDHAT:RHSA-2012:0006
REDHAT:RHSA-2011:1384 MS:MS12-006 GENTOO:GLSA-201406-32

------------------------------------------------------

osCommerce allows cross-site scripting 443/tcp
PCI COMPLIANCE STATUS
PCI Severity: MEDIUM
FAIL SQL/XSS/SSL vulnerabilities are not PCI compliant
VULNERABILITY DETAILS
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Severity: concern
Category: Cross site scripting
CVE ID: CVE 2003-1219
Bugtraq ID: 9238
OSVDB: -
Microsoft references: -
Vendor references: BID:9238
Details: Cross-site scripting (XSS) vulnerability in the tep_href_link function in
html_output.php for osCommerce before 2.2-MS3 allows remote

June 17th, 2015 10:47am
