WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'SetHandler'

Information

CGI scripts are one of the most exploited vulnerabilities on web servers. CGI script execution in Apache can be accomplished via two methods. The first method uses the ScriptAlias directive to tell the server everything in that directory is a CGI script. The second method uses a combination of the Options directive and AddHandler or SetHandler directives. For situations where the combination of the Options directive and Handler directives are used, the ability to centrally manage scripts is lost, creating vulnerability on the web server. It is best to manage scripts using the ScriptAlias directive.

Solution

Locate the scripts in a ScriptAlias directory, and/or add the appropriate symbol to explicitly disable ExecCGI, or set the options directive to None.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|II, Rule-ID|SV-32998r1_rule, STIG-ID|WA000-WWA050_W22, Vuln-ID|V-13731

Plugin: Windows

Control ID: 9392cbfc3c8703def2a3cf8c19104cc2adda61f350effd11bff5166d9e5ff137