Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13731 | WA000-WWA050 | SV-14341r1_rule | Medium |
Description |
---|
Directory options directives are httpd.conf directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution. |
STIG | Date |
---|---|
IIS 7.0 Server STIG | 2019-03-22 |
Check Text ( C-10983r1_chk ) |
---|
Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file. Open the httpd.conf file with an editor and search for the following directive: Then review the Options statement for the following value: ExecCGI If the value is found on an options statement within the Directory directive, and it does not have a "-" preceding it, this is a finding. If the value does not exist, this would be a finding unless the Options statement has the "None" option. Please be sure to check for all occurrences of the Directory directive for the presence of the ExecCGI value. If this enabled on any of these, this would be a finding. NOTE: If the value is found on an options statement within the Directory directive, and this is a directory used for interactive scripts (CGI), this is not a finding. |
Fix Text (F-13179r1_fix) |
---|
Locate cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives. Remove the printenv default CGI in cgi-bin directory if it is installed. rm $APACHE_PREFIX/cgi-bin/printenv Remove the test-cgi file from the cgi-bin directory if it is installed. rm $APACHE_PREFIX/cgi-bin/test-cgi Review and remove any other cgi-bin files which are not needed for business purposes. |