Check: AS24-W2-000310
Apache Server 2.4 Windows Site STIG:
AS24-W2-000310
(in versions v2 r1 through v1 r0.1)
Title
The Apache web server must allow the mappings to unused and vulnerable scripts to be removed. (Cat II impact)
Discussion
Scripts allow server-side processing on behalf of the hosted application user or as processes needed in the implementation of hosted applications. Removing scripts not needed for application operation or deemed vulnerable helps to secure the web server. To ensure scripts are not added to the web server and run maliciously, script mappings that are not needed or used by the web server for hosted application operation must be removed.
Check Content
Locate cgi-bin files and directories enabled in the Apache configuration via "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives. If any script is present that is not needed for application operation, this is a finding.
Fix Text
Remove any scripts in cgi-bin directory if they are not needed for application operation.
Additional Identifiers
Rule ID: SV-214367r395853_rule
Vulnerability ID: V-214367
Group Title: SRG-APP-000141-WSR-000082
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |