WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. - 'ScriptAliasMatch'

Information

Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.

Solution

Assign the appropriate permissions to the applicable directories and files.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

Item Details

References: CAT|I, Rule-ID|SV-33136r1_rule, STIG-ID|WG290_W22, Vuln-ID|V-2258

Plugin: Windows

Control ID: d648da11faebf0a35fc5f5068aaa56e6483184a4e577d7f1b2c6ab2f43ab7d6b