Check: WA00560 A24
Apache Server 2.4 Unix:
WA00560 A24
(in version v1 r1)
Title
The URL-path name must be set to the file path name or the directory path name. (Cat II impact)
Discussion
The ScriptAlias directive controls which directories the Apache server "sees" as containing scripts. If the directive uses a URL-path name that is different than the actual file system path, the potential exists to expose the script source code.
Check Content
Enter the following command: find / -name httpd.conf -print -exec grep -i -H "ScriptAlias" {} \; If any enabled ScriptAlias directive do not have matching URL-path and file-path or directory-path entries, this is a finding.
Fix Text
Edit the httpd.conf file and set the ScriptAlias URL-path and file-path or directory-path entries.
Additional Identifiers
Rule ID:
Vulnerability ID: V-26327
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |