Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13735 | WA000-WWA058 W22 | SV-33006r1_rule | ECSC-1 | Medium |
Description |
---|
Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable. |
STIG | Date |
---|---|
APACHE SERVER 2.2 for Windows | 2015-05-29 |
Check Text ( C-33681r1_chk ) |
---|
Locate the Apache httpd.conf file. Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding “-”, this is a finding. If the value does not exist, this would be a finding unless the enabled Options statement is set to “None”. |
Fix Text (F-29307r1_fix) |
---|
Add a "-" to the Indexes setting, or set the options directive to None. |