Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-64697 | OH12-1X-000230 | SV-79187r1_rule | Medium |
Description |
---|
Application partitioning enables an additional security measure by securing user traffic under one security context, while managing system and application files under another. Web content is accessible to an anonymous web user. For such an account to have access to system files of any type is a major security risk that is avoidable and desirable. Failure to partition the system files from the web site documents increases risk of attack via directory traversal, or impede web site availability due to drive space exhaustion. |
STIG | Date |
---|---|
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2019-12-12 |
Check Text ( C-65439r1_chk ) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "DocumentRoot" directive at the OHS server and virtual host configuration scopes. 3. If the directory associated with the "DocumentRoot" directive is associated with the root partition, this is a finding. |
Fix Text (F-70627r1_fix) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "DocumentRoot" directive at the OHS server and virtual host configuration scopes. 3. Move the directory associated with the "DocumentRoot" directive to a partition different from root partition. |