STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Backup interactive scripts on the production web server must be prohibited.

DISA Rule

SV-33092r1_rule

Vulnerability Number

V-2230

Group Title

WG420

Rule Version

WG420 W22

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure that CGI backup scripts are not left on the production web server.

Check Contents

This check is limited to CGI/interactive content and not static HTML.

Find on all hard drives files containing the following extensions: *.bak, *.old, *.temp, *.tmp, or *.backup.

If files with these extensions are found in either the document directory or the home directory of the web server, this is a finding.

If files with these extensions are stored in a repository (not in the document root) as backups for the web server, this is a finding.

If files with these extensions have no relationship with web activity, such as a backup batch file for operating system utility, and they are not accessible by the web application, this is not a finding.

Vulnerability Number

V-2230

Documentable

False

Rule Version

WG420 W22

Severity Override Guidance

This check is limited to CGI/interactive content and not static HTML.

Find on all hard drives files containing the following extensions: *.bak, *.old, *.temp, *.tmp, or *.backup.

If files with these extensions are found in either the document directory or the home directory of the web server, this is a finding.

If files with these extensions are stored in a repository (not in the document root) as backups for the web server, this is a finding.

If files with these extensions have no relationship with web activity, such as a backup batch file for operating system utility, and they are not accessible by the web application, this is not a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments