STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server must allow the mappings to unused and vulnerable scripts to be removed.

DISA Rule

SV-102595r1_rule

Vulnerability Number

V-92507

Group Title

SRG-APP-000141-WSR-000082

Rule Version

AS24-W2-000310

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove any scripts in cgi-bin directory if they are not needed for application operation.

Check Contents

Locate cgi-bin files and directories enabled in the Apache configuration via "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives.

If any script is present that is not needed for application operation, this is a finding.

Vulnerability Number

V-92507

Documentable

False

Rule Version

AS24-W2-000310

Severity Override Guidance

Locate cgi-bin files and directories enabled in the Apache configuration via "Script", "ScriptAlias" or "ScriptAliasMatch", or "ScriptInterpreterSource" directives.

If any script is present that is not needed for application operation, this is a finding.

Check Content Reference

M

Target Key

3419

Comments