Search Results
395 total results found
Remediation Steps
Follow the steps below to remediate this finding on Linux (Debian/Ubuntu).
Update OpenSSL to the latest patched version:
    sudo apt update
    sudo apt upgrade openssl libssl3
Verify the installed version:
    openssl version
Restart services that depend on OpenSSL:
    sudo sys...
Remediation Steps
Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux).
Update OpenSSL via the package manager:
    sudo yum update openssl   # RHEL/CentOS 7
    sudo dnf update openssl   # RHEL/CentOS 8+ / AlmaLinux
Verify the installed version:
    openssl v...
Remediation Steps
Follow the steps below to remediate this finding on Windows.
Update each application that bundles OpenSSL to a version that includes OpenSSL 3.0.13 or later.
For standalone OpenSSL installations, download the latest Win64 installer from the official OpenSSL bin...
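Verifying the installed version is the step the three OpenSSL entries above have in common. The following is an added example, not code from the original page: a Python check that parses the output of openssl version and compares it against a minimum patched version, using 3.0.13 from the Windows entry above as the illustrative floor. The version strings it is exercised with are constructed inline so it runs offline; when run as a script it queries the real binary.

```python
"""Check whether an `openssl version` string meets a minimum patched version.

Added example (not from the original page). The sample strings below are
constructed; the minimum of 3.0.13 is the figure quoted in the Windows entry
and is used here only as an illustration.
"""
import re
import subprocess

MIN_VERSION = "3.0.13"  # illustrative floor; take the real one from the advisory

# Matches "OpenSSL 3.0.13 30 Jan 2024" and "OpenSSL 1.1.1w  11 Sep 2023";
# the optional trailing letter is the 1.x patch-level suffix.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(output: str) -> tuple:
    """Turn 'OpenSSL 3.0.13 30 Jan 2024' into (3, 0, 13, '')."""
    m = _VERSION_RE.search(output)
    if not m:
        raise ValueError(f"not an OpenSSL version string: {output!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def parse_minimum(spec: str) -> tuple:
    """Accept the bare '3.0.13' / '1.1.1w' form used in advisories."""
    return parse_openssl_version("OpenSSL " + spec)


def is_patched(output: str, minimum: str = MIN_VERSION) -> bool:
    """True if the reported upstream version is at or above the minimum.
    Tuple comparison is numeric per component, and the 1.x letter suffix
    sorts lexically, which is how OpenSSL ordered those releases."""
    return parse_openssl_version(output) >= parse_minimum(minimum)


def installed_openssl_version() -> str:
    """Ask the real binary; only used when invoked as a script."""
    proc = subprocess.run(["openssl", "version"], capture_output=True,
                          text=True, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    out = installed_openssl_version()
    print(out, "-", "OK" if is_patched(out) else "NEEDS UPDATE")
```

One caveat applies on Debian/Ubuntu and RHEL-family systems: distribution packages backport security fixes without changing the upstream version string, so openssl version can report 3.0.2 on a fully patched host and this check would flag it. On those systems confirm the fix through the package changelog instead (apt changelog libssl3, or rpm -q --changelog openssl) and search it for the CVE identifier from the finding.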
Remediation Steps
Follow the steps below to remediate this finding on Generic / Developer guidance.
Path traversal (directory traversal) allows attackers to access files outside the intended directory by injecting sequences such as ../.
Remediation:
Validate file paths against an...
Remediation Steps
Follow the steps below to remediate this finding on WordPress.
Avoid building file paths from user input in custom themes and plugins.
Use WordPress file API functions (get_template_directory(), WP_Filesystem) rather than raw PHP filesystem functions.
Sanitise a...
Remediation Steps
Follow the steps below to remediate this finding on Joomla.
Use JPath::clean() to normalise paths and JPath::check() to validate that the resolved path is within the allowed base directory:
    JPath::check($filePath);
Never pass raw user input to JFile::read() or P...
Remediation Steps
Follow the steps below to remediate this finding on Drupal.
Use Drupal's file system service to resolve paths safely:
    $file_system = \Drupal::service('file_system');
    $realpath = $file_system->realpath($uri);
realpath() only canonicalises the path (collapsing ../ and following symlinks); you must still confirm that the result lies inside the directory you intend to serve from.
Never build file paths from unvalidated user input.
Use...
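The four path traversal entries above (generic, WordPress, Joomla, Drupal) all come down to the same two steps: canonicalise the path, then confirm the result is still inside the allowed base directory. The block below is an added example, not code from the original page nor from any of those platforms; Python stands in for their PHP. It shows the vulnerable join beside the hardened resolver and exercises both against a directory tree constructed in a temporary folder, including a symlink that points outside the allowed directory, which a plain string check would miss.

```python
"""Path traversal: vulnerable path build beside the hardened one.

Added example (not from the original page or from WordPress, Joomla or
Drupal). The directory tree in demo() is constructed so it runs offline.
"""
import os
import shutil
import tempfile


class PathTraversalError(ValueError):
    """Raised when a user-supplied path escapes the allowed directory."""


def vulnerable_read(base_dir: str, user_path: str) -> bytes:
    # Before: '../' walks out of base_dir, and os.path.join() silently
    # discards base_dir altogether when user_path is absolute.
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def resolve_inside(base_dir: str, user_path: str) -> str:
    """After: reject absolute input, canonicalise (collapsing '..' and
    following symlinks), then require base_dir to be a prefix by path
    component rather than by string, so /srv/files2 is not accepted for
    /srv/files."""
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} resolves outside {base}")
    return candidate


def safe_read(base_dir: str, user_path: str) -> bytes:
    with open(resolve_inside(base_dir, user_path), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Constructed tree: <root>/files is the allowed directory, <root>/secret.txt
    lies outside it, and files/link.txt is a symlink pointing at the secret."""
    root = tempfile.mkdtemp()
    files = os.path.join(root, "files")
    os.mkdir(files)
    with open(os.path.join(files, "report.txt"), "wb") as fh:
        fh.write(b"public report")
    with open(os.path.join(root, "secret.txt"), "wb") as fh:
        fh.write(b"outside the allowed directory")
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(files, "link.txt"))

    cases = [
        ("plain", "report.txt"),
        ("dotdot", "../secret.txt"),
        ("nested dotdot", "sub/../../secret.txt"),
        ("symlink out", "link.txt"),
        ("absolute", os.path.join(root, "secret.txt")),
    ]
    results = {}
    for label, path in cases:
        try:
            results[label] = safe_read(files, path)
        except PathTraversalError:
            results[label] = "rejected"
    # The unguarded version happily serves the file outside the base directory.
    results["vulnerable dotdot"] = vulnerable_read(files, "../secret.txt")
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:18} {outcome!r}")
```

Two design points carry over to the PHP platforms: the comparison is done on the canonicalised path with os.path.commonpath (PHP's realpath() followed by a component-wise prefix check), not with a string startswith, and any URL or percent decoding of the user input must happen before the check, never after it.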
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver.
In IIS Manager, select your site and open HTTP Response Headers.
If X-Powered-By is listed, select it and click Remove in the Actions pane.
For ASP.NET, also remove the X-AspNet-Version...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver.
PHP-FPM adds X-Powered-By by default. Disable it in php.ini:
    expose_php = Off
Restart PHP-FPM (substitute your installed PHP version for 8.x):
    sudo systemctl restart php8.x-fpm
Alternatively, strip the header in Nginx:
    fastcgi_hide_header X-Pow...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver.
Disable PHP version exposure in php.ini:
    expose_php = Off
To also suppress the header at the Apache level, ensure mod_headers is enabled and add:
    Header unset X-Powered-By
    Header always unset X...
Remediation Steps
Follow the steps below to remediate this finding on Plesk.
Log in to the Plesk control panel.
Navigate to Domains > your domain > Apache & nginx Settings.
Under "Additional Apache directives", add:
    Header unset X-Powered-By
Under "Additional nginx directives", add...
Remediation Steps
Follow the steps below to remediate this finding on Microsoft IIS webserver.
IIS sends a Server header such as Microsoft-IIS/10.0 by default. On IIS 10.0 (Windows Server 2016 version 1709 and later) it can be suppressed with the removeServerHeader attribute of requestFiltering in web.config. On older versions, or where you want to replace rather than remove the header, install the URL Rewrite module and add an outbound rule to remove or replace the header:
    <rewrite>...
Remediation Steps
Follow the steps below to remediate this finding on Nginx webserver.
In your nginx.conf http or server block, add:
    server_tokens off;
This removes the version number from the Server header and error pages.
Reload Nginx:
    sudo systemctl reload nginx
For complete Serv...
Remediation Steps
Follow the steps below to remediate this finding on Apache webserver.
In apache2.conf or httpd.conf, set:
    ServerTokens Prod
    ServerSignature Off
ServerTokens Prod reduces the Server header to just "Apache" without version details.
Reload Apache:
    sudo systemctl rel...
Remediation Steps
Follow the steps below to remediate this finding on Plesk.
Log in to the Plesk control panel.
Navigate to Domains > your domain > Apache & nginx Settings.
Under "Additional nginx directives", add:
    server_tokens off;
Under "Additional Apache directives", add:
    Server...
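After applying any of the X-Powered-By or Server header changes above, the practical check is to look at what the server actually returns. The block below is an added example, not code from the original page: a Python check that flags a Server header carrying a version token and the presence of X-Powered-By, X-AspNet-Version or X-AspNetMvc-Version. It is exercised against constructed raw responses (an nginx/PHP host before and after the change, and an IIS host before the change) so it runs offline; check_url() applies the same test to a live host.

```python
"""Flag version-disclosing HTTP response headers.

Added example (not from the original page). The BEFORE / AFTER / IIS_BEFORE
responses are constructed samples.
"""
import http.client
import re
from urllib.parse import urlparse

# Headers whose mere presence discloses the stack (compared case-insensitively).
DISCLOSING_HEADERS = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# A Server value is flagged only if it carries something version-like
# (nginx/1.24.0, Apache/2.4.58 (Ubuntu), Microsoft-IIS/10.0); a bare
# product name such as "Apache" or "nginx" passes.
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_response_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # drop the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(headers: dict) -> list:
    """Return one finding string per disclosing header; empty list when clean."""
    findings = []
    server = headers.get("server", "")
    if VERSION_RE.search(server):
        findings.append(f"Server discloses a version: {server}")
    for name in DISCLOSING_HEADERS:
        if name in headers:
            findings.append(f"{name} present: {headers[name]}")
    return findings


def check_url(url: str) -> list:
    """Run the same check against a live host (not exercised offline)."""
    u = urlparse(url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.hostname, u.port, timeout=10)
    conn.request("HEAD", u.path or "/")
    resp = conn.getresponse()
    return find_disclosures({k.lower(): v for k, v in resp.getheaders()})


# Constructed sample responses.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: nginx/1.24.0\r\n"
          "X-Powered-By: PHP/8.2.12\r\n"
          "Content-Type: text/html\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Server: nginx\r\n"
         "Content-Type: text/html\r\n\r\n<html>")
IIS_BEFORE = ("HTTP/1.1 200 OK\r\n"
              "Server: Microsoft-IIS/10.0\r\n"
              "X-Powered-By: ASP.NET\r\n"
              "X-AspNet-Version: 4.0.30319\r\n\r\n")


def demo() -> dict:
    return {name: find_disclosures(parse_response_headers(raw))
            for name, raw in (("before", BEFORE), ("after", AFTER),
                              ("iis", IIS_BEFORE))}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "clean")
```

Run the check against an error page (a 404 or a request that triggers a 500) as well as the front page: ServerSignature and the nginx error pages are separate disclosure paths from the header, and a site fronted by a CDN or load balancer may rewrite the Server header while the origin still leaks it on direct access.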
Remediation Steps
Follow the steps below to remediate this finding on Windows.
Enable SMB signing via Group Policy to require it on all connections.
Open Group Policy Management (gpmc.msc).
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies...
Remediation Steps
Follow the steps below to remediate this finding on Linux (Debian/Ubuntu).
For Samba servers, edit /etc/samba/smb.conf and add to the [global] section:
    server signing = mandatory
    client signing = mandatory
Restart Samba:
    sudo systemctl restart smbd nmbd
Remediation Steps
Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux).
For Samba servers, edit /etc/samba/smb.conf and add to the [global] section:
    server signing = mandatory
    client signing = mandatory
Restart Samba:
    sudo systemctl restart smb nmb
Remediation Steps
Follow the steps below to remediate this finding on Generic / Developer guidance.
SQL injection occurs when untrusted input is concatenated into SQL queries without proper parameterisation.
Remediation:
Always use parameterised queries / prepared statements:
    PDO ...
Remediation Steps
Follow the steps below to remediate this finding on WordPress.
Always use $wpdb->prepare() for custom queries, and reference tables through $wpdb rather than hard-coding the wp_ prefix, which is not the same on every installation:
    $results = $wpdb->get_results(
        $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE ID = %d", $postId )
    );
Use the WordPress query API (WP_Query, get_posts()) i...
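The two SQL injection entries above recommend prepared statements without showing what the concatenated version lets through. The block below is an added example, not code from the original page; Python's sqlite3 module stands in for the PDO prepared statements and $wpdb->prepare() calls the page recommends, and the table with its rows is constructed in an in-memory database so it runs offline. It runs the same tautology payload through the vulnerable and the parameterised query, and shows the integer conversion that plays the role of %d.

```python
"""SQL injection: string concatenation beside a parameterised query.

Added example (not from the original page). The posts table is a constructed
sample; only rows with status 'publish' are meant to be visible.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "Hello world", "publish"),
        (2, "Draft pricing plan", "draft"),
        (3, "Board memo", "private"),
    ])
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, title: str) -> list:
    """Before: the input is spliced into the statement text, so a quote in it
    ends the literal and everything after it is parsed as SQL."""
    sql = ("SELECT id, title FROM posts WHERE status = 'publish' "
           "AND title = '" + title + "'")
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, title: str) -> list:
    """After: a placeholder. The driver sends the value separately from the
    statement, so the quote is just a character in the title."""
    sql = "SELECT id, title FROM posts WHERE status = 'publish' AND title = ?"
    return conn.execute(sql, (title,)).fetchall()


def safe_lookup_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    """Numeric inputs: convert first (what %d does in $wpdb->prepare()), so
    '1 OR 1=1' is rejected before it reaches the database at all."""
    post_id = int(raw_id)  # ValueError on anything that is not an integer
    return conn.execute("SELECT id, title FROM posts WHERE id = ?",
                        (post_id,)).fetchall()


# Classic tautology payload: the quote closes the literal and, because AND binds
# tighter than OR, the trailing '1'='1' is true for every row.
PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    conn = make_db()
    try:
        by_id_payload = safe_lookup_by_id(conn, "1 OR 1=1")
    except ValueError:
        by_id_payload = "rejected"
    return {
        "vulnerable": vulnerable_lookup(conn, PAYLOAD),  # every row, drafts included
        "safe": safe_lookup(conn, PAYLOAD),              # no row has that literal title
        "safe_normal": safe_lookup(conn, "Hello world"),
        "by_id_payload": by_id_payload,
        "by_id_normal": safe_lookup_by_id(conn, "1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:14} {rows!r}")
```

Placeholders bind values only. Table and column names, ORDER BY targets and LIMIT clauses cannot be parameterised, so anything of that kind that comes from the request has to be matched against an allow-list before it is placed in the statement; in WordPress that is why the table name comes from $wpdb->posts rather than from input.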