[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90801-2

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2022-10-10



Restrict Web Directory The default configuration for the web ('/var/www/html') Directory allows directory indexing ('Indexes') and the following of symbolic links ('FollowSymLinks'). Neither of these is recommended. The '/var/www/html' directory hierarchy should not be viewable via the web, and symlinks should only be followed if the owner of the symlink also owns the linked file. Ensure that this policy is adhered to by altering the related section of the configuration: <Directory "/var/www/html"> # ... Options SymLinksIfOwnerMatch # ... </Directory>


Parameter:


Technical Mechanism:

Access to the web server's directory hierarchy could allow access to unauthorized files by web clients. Following symbolic links could also allow such access. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31208
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30485


OVAL    2
oval:org.secpod.oval:def:31208
oval:org.secpod.oval:def:30485

© SecPod Technologies