STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

MIME types for csh or sh shell programs must be disabled.

DISA Rule

SV-36309r2_rule

Vulnerability Number

V-2225

Group Title

WG370

Rule Version

WG370 A22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Disable MIME types for csh or sh shell programs.

Check Contents

Enter the following commands:

grep "Action" /usr/local/apache2/conf/httpd.conf grep "AddHandler" /usr/local/apache2/conf/httpd.conf

If either of these exist and they configure /bin/csh, or any other shell as a viewer for documents, this is a finding.

Vulnerability Number

V-2225

Documentable

False

Rule Version

WG370 A22

Severity Override Guidance

Check Content Reference

Responsibility

Web Administrator

Target Key

158

MIME types for csh or sh shell programs must be disabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments