Our web site domain was scanned by https://www.securitymetrics.com/ (on behalf of Braintree) and found the old Linux version vulnerability (it is marked as Top (10) score vulnerability).
CPE Based Vulnerabilities for Linux 2.6.18 - 2.6.22
Apply the latest vendor patches to your operating system: Linux 2.6.18 - 2.6.22
CVE-2009-0065 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2008-4395 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
CVE-2009-1439 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
CVE-2009-3280 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C
…
We must fix this issue because it is required by Braintree.
All our web servers use Linux Kernel 3.1+ and probability the security scanner cannot scan our servers behind the Cloudflare.
Is it possible the Cloudflare uses this old Linux 2.6.18 - 2.6.22 ? How can we fix it?
Thank you!