Warning! Audit Deprecated
Information
Vulnerability Key: V0002248
IA Controls: ECCD-1 Changes to Data, ECCD-2 Changes to Data
Categories: 2.2 Least Privilege
Severity: Category II
Ref: WEB SERVER SECURITY TECHNICAL IMPLEMENTATION GUIDE Section 3.5
The key web service administrative and configuration tools must only be accessible by the web
server staff. As these services control the functioning of the web server, access to these tools is
crucial. This would include access to the Web Admin Server in Netscape, the IIS Management
Console, the Apache httpd.conf file or in Oracle, sysadmin.cfg.