STIGQter STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.

DISA Rule

SV-36699r1_rule

Vulnerability Number

V-13687

Group Title

WG237

Rule Version

WG237 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install anti-virus software on the system and set it to automatically scan new files that are introduced to the web server.

Check Contents

Remote web authors should not be able to upload files to the Document Root directory structure without virus checking and checking for malicious or mobile code.

Query the SA to determine if there is anti-virus software active on the server with auto-protect enabled, or if there is another process in place for the scanning of files being posted by remote authors.

If there is no virus software on the system with auto-protect enabled, or if there is not a process in place to ensure all files being posted are being virus scanned before being saved to the document root, this is a finding.

Vulnerability Number

V-13687

Documentable

False

Rule Version

WG237 A22

Severity Override Guidance

Remote web authors should not be able to upload files to the Document Root directory structure without virus checking and checking for malicious or mobile code.

Query the SA to determine if there is anti-virus software active on the server with auto-protect enabled, or if there is another process in place for the scanning of files being posted by remote authors.

If there is no virus software on the system with auto-protect enabled, or if there is not a process in place to ensure all files being posted are being virus scanned before being saved to the document root, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments