UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The CGI-Bin directory or the directory that maintains CGI scripts is not the only directory to have the ExecCGI directive applied. .


Overview

Finding ID Version Rule ID IA Controls Severity
V-13731 WA000-WWA050 SV-14341r1_rule Medium
Description
Directory options directives are httpd.conf directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution.
STIG Date
IIS 7.0 Server STIG 2019-03-22

Details

Check Text ( C-10983r1_chk )
Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file. Open the httpd.conf file with an editor and search for the following directive:


Then review the Options statement for the following value: ExecCGI

If the value is found on an options statement within the Directory directive, and it does not have a "-" preceding it, this is a finding. If the value does not exist, this would be a finding unless the Options statement has the "None" option.

Please be sure to check for all occurrences of the Directory directive for the presence of the ExecCGI value. If this enabled on any of these, this would be a finding.

NOTE: If the value is found on an options statement within the Directory directive, and this is a directory used for interactive scripts (CGI), this is not a finding.
Fix Text (F-13179r1_fix)
Locate cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives.

Remove the printenv default CGI in cgi-bin directory if it is installed.
rm $APACHE_PREFIX/cgi-bin/printenv

Remove the test-cgi file from the cgi-bin directory if it is installed.
rm $APACHE_PREFIX/cgi-bin/test-cgi

Review and remove any other cgi-bin files which are not needed for business purposes.