WA00535 W22 - The ScoreBoard file must be properly secured.

Information

The ScoreBoardFile directive sets a file path which the server will use for Inter-Process Communication (IPC) among the Apache processes. If the directive is specified, then Apache will use the configured file for the inter-process communication. Therefore if it is specified it needs to be located in a secure directory. If the ScoreBoard file is placed in openly writable directory, other accounts could create a denial of service attack and prevent the server from starting by creating a file with the same name, and or users could monitor and disrupt the communication between the processes by reading and writing to the file.

Solution

Modify the location and/or permissions for the ScoreBoard file and/or folder.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-33178r2_rule, STIG-ID|WA00535_W22, Vuln-ID|V-26322

Plugin: Windows

Control ID: cddfd26a882ce6d912cbf3aca12f3e11160d0e0df91efcd6cdfb9f5f7646c316