Qualys Archives - #!LinuxMinion

HTTP Security Header Not Detected

August 6, 2019 minion Leave a comment

The following is the excerpt from Qualys Scan report: Vulnerability: HTTP Security Header Not DetectedQID: 11827 Reported on Port : 80/tcpTHREAT:This QID reports the absence of the following HTTP headers: X-Frame-OptionsX-XSS-ProtectionX-Content-Type-Options IMPACT:Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks. SOLUTION:Depending on their server software, customers are advised to set

SSH Server Public Key Too Small

July 23, 2019 minion 7 comments

We will look at one more interesting SSH vulnerability reported by Qualys scanner appliance on RHEL6 servers. This one is classified as Confirmed Severity 2 (Medium) vulnerability level with PCI Vulnerable. Below is the vulnerability details from scan report Vulnerability: SSH Server Public Key Too SmallQID: 38738Category: General remote services PCI Vuln: YesTHREAT: The SSH protocol (Secure Shell) is a

Deprecated SSH Cryptographic Settings

June 26, 2019 minion 12 comments

Our security scanner Qualys reported the vulnerability “Deprecated SSH Cryptographic Settings” across RHEL6 & RHEL7 fleet servers. The scan report provided description of the threat posed by the vulnerability, recommendation for correcting the problem and the result which shows how Qualys verified the vulnerability. Vulnerability : Deprecated SSH Cryptographic SettingsQID: 38739THREAT: The SSH protocol (Secure Shell) is a method for

M	T	W	T	F	S	S
« Jun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31