
The designer will ensure the application does not contain invalid URL or path references.


Overview

Finding ID: V-6157
Version: APP3080
Rule ID: SV-6157r1_rule
IA Controls: DCSQ-1
Severity: Medium
Description
Resource information in code can easily advertise available vulnerabilities to unauthorized users. By placing the references into configuration files, the files can be further protected by file permissions and will be separated for ease of updating.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text (C-14177r1_chk)
Search the source code for common URL prefixes and suffixes and, to the extent feasible with available tools, NFS shares, NetBIOS shares, and IP addresses.

All such resources (e.g., “http://”, “ftp://”, “.mil”, “.com”) should be captured from configuration files.

1) If any references are invalid, it is a finding.
Fix Text (F-16990r1_fix)
Remove any invalid URL or path references from the application.
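
One way to run the search the Check Text describes, as an added example that is not part of the STIG. The patterns, the SOURCE_EXTS list and the sample source are assumptions constructed for illustration; the output is a list of candidate references in source files that a reviewer still has to check for validity.

```python
import re
from pathlib import Path

# Candidate patterns, tried in order; each match is blanked out afterwards so a
# URL is not reported a second time as a hostname or an IP address.
PATTERNS = [
    ("url", re.compile(r"\b(?:https?|ftp)://[^\s\"'<>)]+", re.I)),
    ("netbios_share", re.compile(r"\\{2,4}[A-Za-z0-9._-]+\\{1,2}[A-Za-z0-9.$_-]+")),
    ("nfs_share", re.compile(r"\b[A-Za-z0-9.-]+:/[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("hostname", re.compile(r"\b(?:[A-Za-z0-9-]+\.)+(?:mil|com)\b", re.I)),
]
SOURCE_EXTS = {".java", ".py", ".c", ".cs", ".js", ".php"}  # assumed; adjust per project

def scan_text(text):
    """Return (line_number, kind, value) for each hardcoded reference candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS:
            for m in list(rx.finditer(line)):
                value = m.group(0)
                if kind == "ipv4" and any(int(o) > 255 for o in value.split(".")):
                    continue  # not a valid dotted quad (e.g. a version string)
                hits.append((lineno, kind, value))
                line = line[:m.start()] + " " * len(value) + line[m.end():]
    return hits

def scan_tree(root):
    """Scan source files under root; configuration files are skipped by extension."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_EXTS:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample source (hosts, shares and addresses are made up).
SAMPLE = r'''
String api = "https://app.example.mil/service";
File f = new File("\\\\fs01\\builds\\latest");
String mount = "nas01:/export/data";
String db = "10.20.30.40";
String version = "1.2.3.999";
String mail = "relay.example.com";
'''

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print(hit)
```

The nfs_share pattern also matches drive-letter paths such as C:/dir, which are path references the reviewer will want to see as well.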