Apr 12, 2023 Miscellaneous- Metadata updated.
- Platform check updated.
- Variables updated.
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
- Variables updated.
|
Dec 7, 2022 Added- WG280 - The access control files are owned by a privileged web server account - APP_Config_files
- WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR
Removed- WG280 - The access control files are owned by a privileged web server account - @APP_Config_files@
- WG280 - The access control files are owned by a privileged web server account - @HTACCESS_DIR@
|
Aug 9, 2022 Functional Update- WA00500 A22 - Active software modules must be minimized.
- WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled.
- WA00510 A22 - Web server status module must be disabled.
- WA00515 A22 - Automatic directory indexing must be disabled.
- WA00520 A22 - The web server must not be configured as a proxy server.
- WA00525 A22 - User specific directories must not be globally enabled.
- WA00530 A22 - The process ID (PID) file must be properly secured
- WA00535 A22 - The score board file must be properly secured.
- WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented.
- WG190 A22 - Web server software must be a vendor-supported version.
- WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions
- WG280 - The access control files are owned by a privileged web server account - @APP_Config_files@
- WG280 - The access control files are owned by a privileged web server account - @HTACCESS_DIR@
- WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin
- WG300 A22 - Web server system files must conform to minimum file permission requirements - config
- WG300 A22 - Web server system files must conform to minimum file permission requirements - document root
- WG300 A22 - Web server system files must conform to minimum file permission requirements - logs
- WG385 A22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server.
|
Apr 25, 2022 Miscellaneous- Metadata updated.
- References updated.
|
Jul 30, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Jun 17, 2021 |
May 6, 2021 Functional Update- WA000-WWA052 A22 - The '-FollowSymLinks' setting must be disabled.
- WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - +Includes
- WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - -+IncludesNOEXEC|-Includes
- WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None
- WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None
- WA000-WWA056 A22 - The MultiViews directive must be disabled.
- WA000-WWA058 A22 - Directory indexing must be disabled on directories not containing index files.
- WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Deny
- WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order
- WA00545 A22 - Web server options for the OS root must be disabled.
- WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled.
- WA00565 A22 - HTTP request methods must be limited - Deny
- WA00565 A22 - HTTP request methods must be limited - LimitExcept
- WA00565 A22 - HTTP request methods must be limited - Order
- WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin
Miscellaneous- Metadata updated.
- References updated.
|
