Title

The MultiViews directive must be disabled. (Cat II impact)

Discussion

Directory options directives are directives that can be applied to further restrict access to file and directories. MultiViews is a per-directory option, meaning it can be set with an Options directive within a

Check Content

Locate the Apache httpd.conf file. Open the httpd.conf file with an editor such as Notepad, and search for the following uncommented directive: Options Review all uncommented Options statements for the following value: -MultiViews If the value is found on the Options statement, and it does not have a preceding "-", this is a finding. If the value does not exist at all, this would be a finding unless the enabled Options statement is set to “None”.

Fix Text

Add a "-" to the MultiViews setting, or set the options directive to None.

Additional Identifiers

Rule ID: SV-33004r2_rule

Vulnerability ID: V-13734

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.