WA00560 A22 – The URL-path name must be set to the file path name or the directory path name.

Details

The ScriptAlias directive controls which directories the Apache server ‘sees’ as containing scripts. If the directive uses a URL-path name that is different than the actual file system path, the potential exists to expose the script source code.

Solution

Edit the httpd.conf file and set the ScriptAlias URL-path and file-path or directory-path entries.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
Rule-ID|SV-33229r1_rule
STIG-ID|WA00560_A22
Vuln-ID|V-26327

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles