Check: WA000-WWA058 A24
Apache Server 2.4 Unix:
WA000-WWA058 A24
(in version v1 r1)
Title
Directory indexing must be disabled on directories not containing index files. (Cat II impact)
Discussion
Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.
Check Content
To view the Indexes value enter the following command: find / -name httpd.conf -print -exec grep -H -i "Indexes" {} \; Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding '-', this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statements are set to None this is not a finding.
Fix Text
Edit the httpd.conf file and add an '-' to the Indexes setting, or set the Options directive to None.
Additional Identifiers
Rule ID:
Vulnerability ID: V-13735
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |