Information
The 'Options' Directive controls what extended web server functions are applied to directories and/or files. This feature should only be applied to the designated cgi-bin directory. The ExecCGI setting permits the execution of CGI scripts within the directory. The FollowSymLinks setting allows the server to follow symbolic links found in the directory. The Multiviews setting allows for multiple files to refer to the same request.
NOTE - User must check output for 'Options None'
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Modify the directory access permissions in the httpd.conf file to explicitly deny any extended directory functions stated above.
Using 'None' with the Options directive disables all extended directory access permissions. An example of a safe setting is given below.
<Directory <'directory path'>>
Options None
AllowOverride None
Order allow, deny
Deny from all
</Directory>