WG400 A22 – All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. Details: CGI scripts represent one of the most common and exploitable means of compromising a web server. By definition, CGI...
WG430 A22 – Anonymous FTP user access to interactive scripts is prohibited. Details: The directories containing the CGI scripts, such as PERL, must not be accessible to anonymous users via FTP. This...
WG460 A22 – PERL scripts must use the TAINT option. Details: PERL (Practical Extraction and Report Language) is an interpreted language optimized for scanning arbitrary text files, extracting information from...
WG610 A22 – Web sites must utilize ports, protocols, and services according to PPSM guidelines. Details: Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary protections...