STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-32998r1_rule
V-13731
WA000-WWA050
WA000-WWA050 W22
CAT II
10
Locate the scripts in a ScriptAlias directory, and/or add the appropriate symbol to explicitly disable ExecCGI, or set the options directive to None.
Locate the Apache httpd.conf file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directives: SetHandler, AddHandler, and Options.
For all occurrences of the SetHandler and AddHandler directives query the Web Administrator to determine if the directives are allowing CGI scripts to be used.
If CGI Scripts are used via the SetHandler or AddHandler directives, this is a finding.
For all occurrences of the Options directive that are using +ExecCGI or ExecCGI, this is a finding.
If the Options directive is found with -ExecCGI, this is not a finding.
If the value does not exist, this would be a finding unless the Options statement is set to “None”.
V-13731
False
WA000-WWA050 W22
Locate the Apache httpd.conf file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directives: SetHandler, AddHandler, and Options.
For all occurrences of the SetHandler and AddHandler directives query the Web Administrator to determine if the directives are allowing CGI scripts to be used.
If CGI Scripts are used via the SetHandler or AddHandler directives, this is a finding.
For all occurrences of the Options directive that are using +ExecCGI or ExecCGI, this is a finding.
If the Options directive is found with -ExecCGI, this is not a finding.
If the value does not exist, this would be a finding unless the Options statement is set to “None”.
M
Web Administrator
158