STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator.

DISA Rule

SV-33095r1_rule

Vulnerability Number

V-2264

Group Title

WG470

Rule Version

WG470 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove Wscript.exe and Cscript.exe files from the server, or restrict access to these files to the SA, the web administrator, and the system account.

Check Contents

Search for instances of Wscript.exe and Cscript.exe.

Move to these files, if found, and right-click on them to view their Properties.

Permissions should only exist for System, the SA, and the web administrator, who may have Full Control. User accounts with access to these files that are unknown, or unintended, should be removed.

If these files have permission for other than the SA, the web administrator, or the system, this is a finding.

Vulnerability Number

V-2264

Documentable

False

Rule Version

WG470 W22

Severity Override Guidance

Search for instances of Wscript.exe and Cscript.exe.

Move to these files, if found, and right-click on them to view their Properties.

Permissions should only exist for System, the SA, and the web administrator, who may have Full Control. User accounts with access to these files that are unknown, or unintended, should be removed.

If these files have permission for other than the SA, the web administrator, or the system, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

158

Comments