STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Interactive scripts used on a web server must have proper access controls.

DISA Rule

SV-28849r1_rule

Vulnerability Number

V-2229

Group Title

WG410

Rule Version

WG410 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure the CGI scripts are owned by root, the service account running the web service, the web author or the SA, and that the anonymous web user account has Read Only or Read - Execute permissions to such scripts.

Check Contents

Query the SA to determine if CGI scripts are used as part of the web site.

If interactive scripts are being used, check the permissions of these files to ensure they meet the following permissions:

interactive script files

Administrators Full Control
WebManagers Modify
System Read/Execute
Webserver Account Read/Execute

If the interactive scripts do not meet the above permissions or are less restrictive, this is a finding.

Vulnerability Number

V-2229

Documentable

False

Rule Version

WG410 W22

Severity Override Guidance

Query the SA to determine if CGI scripts are used as part of the web site.

If interactive scripts are being used, check the permissions of these files to ensure they meet the following permissions:

interactive script files

Administrators Full Control
WebManagers Modify
System Read/Execute
Webserver Account Read/Execute

If the interactive scripts do not meet the above permissions or are less restrictive, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments