Tenable scan showing vulnerabilities


#1

Cloudflare WAF and OWASP/rules are all currently enabled, but we are getting vulnerabilities when we do a Tenable scan on our web server. Our client demands that we get rid of the vulnerabilities. Please see screenshot below.

Any help/suggestions would greatly be appreciated. Thanks!


#2

Vulnerability scans almost always show false positives. Without a close look at those scan details, we can’t determine if it’s true XSS/SQLi or a false positive.


#3

You need someone with technical knowledge… you have a lot of problems and CF can't take care of it.