WG290 W22 – The web client account access to the content and scripts directories must be limited to read and execute. – ‘Alias’

Details

Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.

Solution

Assign the appropriate permissions to the applicable directories and files.
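
One way to verify the result on a Windows host, as an added example that is not part of the STIG text: the PowerShell script below reads the `Alias` and `ScriptAlias` directives from `httpd.conf` and lists every allow ACE on those directories (and their contents) that gives the web client account more than read and execute. The configuration path and the account name are assumptions; substitute the values for your installation.

```powershell
# Added example (not from the STIG): audit Alias/ScriptAlias targets for web-account
# rights beyond Read & Execute. Path and account names below are assumptions.
param(
    [string]$HttpdConf = 'C:\Apache2.2\conf\httpd.conf',    # assumed install path
    [string[]]$Identities = @('EXAMPLE\svc_apache')          # hypothetical web client account
)

# Rights the control permits. Synchronize accompanies nearly every NTFS allow ACE.
$allowed = [int][System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Synchronize'

# Directories named by Alias / ScriptAlias directives; commented-out lines do not match.
$dirs = foreach ($line in Get-Content -LiteralPath $HttpdConf) {
    if ($line -match '^\s*(?:Script)?Alias\s+\S+\s+"?([^"]+?)"?\s*$') {
        $Matches[1] -replace '/', '\'
    }
}

$findings = foreach ($dir in ($dirs | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir)) { Write-Warning "Missing: $dir"; continue }
    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $dir) + @(Get-ChildItem -LiteralPath $dir -Recurse -Force)
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IdentityReference.Value -notin $Identities) { continue }
            # Any bit set outside the allowed mask (write, delete, change permissions, ...).
            $excess = [int]$ace.FileSystemRights -band (-bnot $allowed)
            if ($excess -ne 0) {
                [pscustomobject]@{
                    Path       = $item.FullName
                    Identity   = $ace.IdentityReference.Value
                    Rights     = $ace.FileSystemRights
                    ExcessBits = '0x{0:X8}' -f $excess
                    Inherited  = $ace.IsInherited
                }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No rights beyond Read & Execute found.' }
```

The script only matches ACEs that name the listed identities directly, so pass any groups the web account belongs to (for example `Everyone` or `BUILTIN\Users`) in `-Identities` as well. ACEs expressed as raw generic rights are reported as excess bits and need a manual look.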

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Configuration Management. This control applies to the following type of system: Windows.

Updated on July 16, 2022