Check: WA00525 A24
Apache Server 2.4 Unix: WA00525 A24 (in version v1 r1)
Title
User specific directories must not be globally enabled. (Cat II impact)
Discussion
The UserDir directive must be disabled so that user home directories are not accessed via the web site with a tilde (~) preceding the username. The directive also sets the path name of the directory that will be accessed. User directories should not be globally enabled, since doing so allows anonymous access to anything users may want to share with other users on the network. Also consider that every time a new account is created on the system, there is potentially new content available via the web site.
Check Content
Enter the following command:
httpd -M | grep userdir
If userdir_module is listed, this is a finding.
Fix Text
Edit the httpd.conf file and disable userdir_module.
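To confirm the fix in the configuration itself, the following added example (not part of the STIG text) scans Apache config files for LoadModule lines that still load userdir_module. The function names and the sample configs are constructed for illustration; it only inspects the files passed to it, so statically compiled modules and included files still need the httpd -M check above.

```shell
#!/bin/sh
# Added example (not STIG text): find active LoadModule lines for userdir_module.

# Print "file:line:directive" for each uncommented LoadModule userdir_module line.
userdir_loadmodule_lines() {
    [ "$#" -gt 0 ] || return 2   # refuse to read stdin by accident
    awk '
        {
            line = tolower($0)            # httpd directive names are case-insensitive
            sub(/^[ \t]+/, "", line)      # directives may be indented
            if (line ~ /^#/) next         # commented-out directive: not loaded
            if (line ~ /^loadmodule[ \t]+userdir_module([ \t]|$)/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }
    ' "$@"
}

# Exit status 0 when no active line remains (not a finding), 1 otherwise.
userdir_module_disabled() {
    [ -z "$(userdir_loadmodule_lines "$@")" ]
}

# Constructed sample configs: one still loading the module, one after the fix.
write_sample_configs() {
    cat > "$1/enabled.conf" <<'EOF'
# constructed sample: module still loaded
LoadModule dir_module modules/mod_dir.so
  loadmodule userdir_module modules/mod_userdir.so
EOF
    cat > "$1/disabled.conf" <<'EOF'
# constructed sample: module commented out
LoadModule dir_module modules/mod_dir.so
#LoadModule userdir_module modules/mod_userdir.so
EOF
}

demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for conf in "$demo_dir/enabled.conf" "$demo_dir/disabled.conf"; do
    if userdir_module_disabled "$conf"; then
        echo "OK: $conf"
    else
        echo "FINDING: $conf"
        userdir_loadmodule_lines "$conf"
    fi
done
rm -rf "$demo_dir"
```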
Additional Identifiers
Rule ID:
Vulnerability ID: V-26302
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |