Search Results

Follow the steps below to remediate this finding on Windows. Block ICMP timestamp requests using Windows Firewall.Open Windows Firewall with Advanced Security.Create a new Inbound Rule:Rule Type: CustomProtocol and Ports: ICMPv4, Specific types: Timestamp Requ...

Follow the steps below to remediate this finding on Microsoft IIS webserver. In IIS Manager, select your site and open Error Pages.For each error code (especially 500), set the error response to a custom static HTML page that does not reveal internal details.I...

Follow the steps below to remediate this finding on Nginx webserver. Disable PHP error display in php.ini:display_errors = Offdisplay_startup_errors = Offlog_errors = Onerror_log = /var/log/php_errors.logConfigure custom error pages in nginx.conf:error_page 50...

Follow the steps below to remediate this finding on Apache webserver. Disable PHP error display in php.ini or via .htaccess:php_flag display_errors off php_flag log_errors on php_value error_log /var/log/php_errors.logConfigure custom error pages:ErrorDocument...

Follow the steps below to remediate this finding on WordPress. In wp-config.php, disable debug output:define('WP_DEBUG', false); define('WP_DEBUG_DISPLAY', false); define('WP_DEBUG_LOG', false);Ensure no error output plugins (e.g., Debug Bar) are active in pro...

Follow the steps below to remediate this finding on Joomla. In the Joomla Administrator panel, go to System > Global Configuration > Server tab.Set Error Reporting to None.Click Save.

Follow the steps below to remediate this finding on Drupal. Go to Administration > Configuration > Development > Logging and errors.Set "Error messages to display" to None.Save the configuration.

Follow the steps below to remediate this finding on Linux (Debian/Ubuntu). For Postfix, restrict relay access in /etc/postfix/main.cf:smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destinationSet your trusted network:myn...

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux). For Postfix on RHEL/CentOS, edit /etc/postfix/main.cf:smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destinationRestart Postfix:sudo syst...

Follow the steps below to remediate this finding on Windows. For Microsoft Exchange, open the Exchange Admin Center.Go to Mail flow > Receive connectors.Select each connector and verify the Permission groups do not include Anonymous users for relay.For IIS SMT...

Follow the steps below to remediate this finding on Generic / Developer guidance. NAT-PMP (Port Mapping Protocol) allows devices on the local network to automatically configure port forwarding on NAT gateways. If detectable from a remote network, the gateway i...

Follow the steps below to remediate this finding on Linux (Debian/Ubuntu). Update OpenSSH to the latest available version:sudo apt update sudo apt upgrade openssh-serverVerify the installed version:ssh -VIf the distribution repositories do not provide a patche...

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux). Update OpenSSH via the package manager:sudo yum update openssh-server # RHEL/CentOS 7 sudo dnf update openssh-server # RHEL/CentOS 8+ / AlmaLinuxVerify the installed ver...

Follow the steps below to remediate this finding on Windows. For Windows Server with OpenSSH (Win32-OpenSSH), update via the optional features:Settings > Apps > Optional features > OpenSSH Server > ModifyOr use PowerShell to install the latest version from Git...

Follow the steps below to remediate this finding on Linux (Debian/Ubuntu). Update OpenSSH to the latest available version:sudo apt update sudo apt upgrade openssh-serverVerify the installed version:ssh -VIf the distribution does not yet provide 9.6+, use backp...

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux). Update OpenSSH via the package manager:sudo yum update openssh-server # RHEL/CentOS 7 sudo dnf update openssh-server # RHEL/CentOS 8+ / AlmaLinuxVerify the installed ver...

Follow the steps below to remediate this finding on Windows. Update Win32-OpenSSH to a version >= 9.6 via optional features or by downloading the latest release from the official Win32-OpenSSH GitHub releases page and running the MSI installer.Restart the sshd...

Follow the steps below to remediate this finding on Linux (Debian/Ubuntu). Update OpenSSL to the latest patched version:sudo apt update sudo apt upgrade openssl libssl3Verify the installed version:openssl versionRestart services that depend on OpenSSL (e.g., A...

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux). Update OpenSSL via the package manager:sudo yum update openssl # RHEL/CentOS 7 sudo dnf update openssl # RHEL/CentOS 8+ / AlmaLinuxVerify the installed version:openssl v...

Follow the steps below to remediate this finding on Windows. On Windows, OpenSSL is typically bundled with other software (Apache, Nginx, Git, etc.).Update each bundled application to a version that includes OpenSSL 3.0.12 or later.For standalone OpenSSL insta...