Check: WA00560 A22
APACHE Server 2.0 for Unix:
WA00560 A22
(in version v1 r5)
Title
The URL-path name must be set to the file path name or the directory path name. (Cat II impact)
Discussion
The ScriptAlias directive controls which directories the Apache server "sees" as containing scripts. If the directive uses a URL-path name that is different than the actual file system path, the potential exists to expose the script source code.
Check Content
Enter the following command: grep "ScriptAlias" /usr/local/apache2/conf/httpd.conf. If any enabled ScriptAlias directive do not have matching URL-path and file-path or directory-path entries, this is a finding.
Fix Text
Edit the httpd.conf file and set the ScriptAlias URL-path and file-path or directory-path entries.
Additional Identifiers
Rule ID: SV-33229r1_rule
Vulnerability ID: V-26327
Group Title: WA00560
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |