CCE-90801-2Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Restrict Web Directory
The default configuration for the web ('/var/www/html') Directory allows directory
indexing ('Indexes') and the following of symbolic links ('FollowSymLinks').
Neither of these is recommended.
The '/var/www/html' directory hierarchy should not be viewable via the web, and
symlinks should only be followed if the owner of the symlink also owns the linked file.
Ensure that this policy is adhered to by altering the related section of the configuration:
<Directory "/var/www/html">
# ...
Options SymLinksIfOwnerMatch
# ...
</Directory>
Parameter:
Technical Mechanism:
Access to the web server's directory hierarchy could allow access to unauthorized files
by web clients. Following symbolic links could also allow such access.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31208 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30485 |