WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi

Information

Directory options directives are directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution.

Solution

Locate any cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives.

Remove the printenv default CGI in cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/printenv.

Remove the test-cgi file from the cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/test-cgi.

Review and remove any other cgi-bin files which are not needed for business purposes.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-32763r2_rule, STIG-ID|WA000-WWA050_A22, Vuln-ID|V-13731

Plugin: Unix

Control ID: 8df2095c12b9976795f806fd06b3a04fd884244fd41cc7f02900491e3ff867ce