Documentation - V-206385

V-206385

Web Server Security Requirements Guide

CAT II

Title

Users and scripts running on behalf of users must be contained to the document root or home directory tree of the web server.

Description

<VulnDiscussion>A web server is designed to deliver content and execute scripts or applications on the request of a client or user. Containing user requests to files in the directory tree of the hosted web application and limiting the execution of scripts and applications guarantees that the user is not accessing information protected outside the application's realm. The web server must also prohibit users from jumping outside the hosted application directory tree through access to the user'...

Fix Text (Documentation Requirement)

Configure the web server to contain users and scripts to each hosted application's domain.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel