[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90790-7

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2022-10-10



Disable Server Side Includes Server Side Includes provide a method of dynamically generating web pages through the insertion of server-side code. However, the technology is also deprecated and introduces significant security concerns. If this functionality is unnecessary, comment out the related module: '#LoadModule include_module modules/mod_include.so' If there is a critical need for Server Side Includes, they should be enabled with the option 'IncludesNoExec' to prevent arbitrary code execution. Additionally, user supplied data should be encoded to prevent cross-site scripting vulnerabilities.


Parameter:


Technical Mechanism:

Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31197
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30474
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31197
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30474


OVAL    2
oval:org.secpod.oval:def:31197
oval:org.secpod.oval:def:30474

© SecPod Technologies