Check: WA000-WWA058 A22
APACHE Server 2.0 for Unix:
WA000-WWA058 A22
(in version v1 r5)
Title
Directory indexing must be disabled on directories not containing index files. (Cat II impact)
Discussion
Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.
Check Content
To view the Indexes value enter the following command: grep "Indexes" /usr/local/apache2/conf/httpd.conf. Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statement are set to None this is not a finding.
Fix Text
Edit the httpd.conf file and add an "-" to the Indexes setting, or set the options directive to None.
Additional Identifiers
Rule ID: SV-32755r1_rule
Vulnerability ID: V-13735
Group Title: WA000-WWA058
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |