STIGQter STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Anonymous FTP user access to interactive scripts must be prohibited.

DISA Rule

SV-36714r1_rule

Vulnerability Number

V-2270

Group Title

WG430

Rule Version

WG430 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed via FTP by any group or user that does not require access, remove permissions to such directories for all but the web administrators and the SAs. Ensure that any such access employs an encrypted connection.

Check Contents

Locate the directories containing the CGI scripts. These directories should be language-specific (e.g., PERL, ASP, JS, JSP, etc.).

Right-click on the web content directory and the related CGI directories. On the Properties tab, examine the access rights for the CGI, cgi-bin, or cgi-shl directories.

Anonymous FTP users must not have access to these directories.

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed by any group that does not require access, this is a finding.

Vulnerability Number

V-2270

Documentable

False

Rule Version

WG430 W22

Severity Override Guidance

Locate the directories containing the CGI scripts. These directories should be language-specific (e.g., PERL, ASP, JS, JSP, etc.).

Right-click on the web content directory and the related CGI directories. On the Properties tab, examine the access rights for the CGI, cgi-bin, or cgi-shl directories.

Anonymous FTP users must not have access to these directories.

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed by any group that does not require access, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

161

Comments