Check: WA000-WWA056 A24
Apache Server 2.4 Unix:
WA000-WWA056 A24
(in version v1 r1)
Title
The MultiViews directive must be disabled. (Cat II impact)
Discussion
Directory options directives are directives that can be applied to further restrict access to file and directories. MultiViews is a per-directory option, meaning it can be set with an Options directive within a <Directory> directive. Elsewhere this option is ignored.
Check Content
To view the MultiViews values enter the following command: find / -name httpd.conf -print -exec grep -H -i "MultiViews" {} \; Review all uncommented Options statements for the following value: -MultiViews If the value is found on the Options statement, and it does not have a preceding '-', this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statements are set to None this is not a finding.
Fix Text
Edit the httpd.conf file and add the '-' to the MultiViews setting, or set the Options directive to None.
Additional Identifiers
Rule ID:
Vulnerability ID: V-13734
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |