
CCE-90780-8

Platform: cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7
Date: (C)2017-06-29   (M)2023-07-04



Is there a mission-critical reason for users to upload files via FTP? If not, edit the vsftpd configuration file to add or correct the following configuration option:

write_enable=NO

If FTP uploads are necessary, follow the guidance in the remainder of this section to secure these transactions as much as possible.


Parameter:

[yes/no]


Technical Mechanism:

Anonymous FTP can be a convenient way to make files available for universal download. However, it is less common to have a need to allow unauthenticated users to place files on the FTP server. If this must be done, it is necessary to ensure that files cannot be uploaded and downloaded from the same directory.

CCSS Severity:

CCSS Score: 9.1
Exploit Score: 3.9
Impact Score: 5.2
Severity: CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CCSS Metrics:

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: HIGH

References:

Resource Id: Reference
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:31188
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:30465


OVAL (2):
oval:org.secpod.oval:def:30465
oval:org.secpod.oval:def:31188

XCCDF (2):
xccdf_org.secpod_benchmark_general_CENTOS_7
xccdf_org.secpod_benchmark_general_RHEL_7

© SecPod Technologies