Search Results

Follow the steps below to remediate this finding on Drupal. In Drupal's performance settings (Admin > Configuration > Development > Performance), review caching settings.Use the Page Cache module configuration to control cache headers and avoid leaking timesta...

Follow the steps below to remediate this finding on Microsoft IIS webserver. Use IIS Crypto to disable TLS 1.0.Open IIS Crypto, select the "Best Practices" template or manually uncheck TLS 1.0 under the Protocols section.Click Apply and reboot the server.Alter...

Follow the steps below to remediate this finding on Nginx webserver. In nginx.conf, update ssl_protocols to exclude TLS 1.0:ssl_protocols TLSv1.2 TLSv1.3;Reload Nginx:sudo systemctl reload nginx

Follow the steps below to remediate this finding on Apache webserver. In the Apache SSL configuration, update SSLProtocol to exclude TLS 1.0:SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1Reload Apache:sudo systemctl reload apache2

Follow the steps below to remediate this finding on Plesk. Log in to the Plesk control panel.Navigate to Domains > your domain > Apache & nginx Settings.Under "Additional nginx directives", add:ssl_protocols TLSv1.2 TLSv1.3;Click Apply.

Follow the steps below to remediate this finding on Microsoft IIS webserver. Use IIS Crypto to disable TLS 1.1.Open IIS Crypto and uncheck TLS 1.1 under the Protocols section.Click Apply and reboot the server.Alternatively, via the registry:[HKEY_LOCAL_MACHINE...

Follow the steps below to remediate this finding on Nginx webserver. In nginx.conf, update ssl_protocols:ssl_protocols TLSv1.2 TLSv1.3;Reload Nginx:sudo systemctl reload nginx

Follow the steps below to remediate this finding on Apache webserver. In the Apache SSL configuration:SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1Reload Apache:sudo systemctl reload apache2

Follow the steps below to remediate this finding on Plesk. Log in to the Plesk control panel.Navigate to Domains > your domain > Apache & nginx Settings.Under "Additional nginx directives", add:ssl_protocols TLSv1.2 TLSv1.3;Click Apply.

Follow the steps below to remediate this finding on Linux (Debian/Ubuntu). Disable and remove the Telnet server:sudo systemctl stop telnet.socket inetd 2>/dev/null sudo systemctl disable telnet.socket inetd 2>/dev/null sudo apt purge telnetd telnetd-ssl xinetd...

Follow the steps below to remediate this finding on Linux (RHEL/CentOS/AlmaLinux). Disable and remove the Telnet server:sudo systemctl stop telnet.socket 2>/dev/null sudo systemctl disable telnet.socket 2>/dev/null sudo yum remove telnet-server xinetd 2>/dev/n...

Follow the steps below to remediate this finding on Windows. Disable the Telnet Server Windows feature:Dism /Online /Disable-Feature /FeatureName:TelnetServerOr via PowerShell:Disable-WindowsOptionalFeature -Online -FeatureName TelnetServerEnsure Remote Deskto...

Follow the steps below to remediate this finding on Generic / Developer guidance. XSLT injection occurs when user-supplied input is incorporated into XSL stylesheets or XML data that is processed by an XSLT processor.Remediation:Never allow users to supply or ...

Follow the steps below to remediate this finding on WordPress. If your theme or plugins process XML/XSLT, ensure user input is never incorporated into stylesheets.Use SimpleXML or DOMDocument with entity loading disabled:libxml_disable_entity_loader(true);Inst...

Follow the steps below to remediate this finding on Joomla. Ensure custom Joomla components that process XML validate and sanitise all XML input.Use JFilterInput to strip disallowed tags and attributes before processing.Disable PHP execution within XSLT if usi...

Follow the steps below to remediate this finding on Drupal. Ensure custom Drupal modules that process XML use secure XML parsing:libxml_disable_entity_loader(true);Use Drupal's provided XML utilities and never pass unsanitised user data into XSLT transformatio...