UCF STIG Viewer Logo

OHS must have the LoadModule cgi_module directive disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-221361 OH12-1X-000114 SV-221361r879587_rule Medium
Description
A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2022-12-09

Details

Check Text ( C-23076r414766_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "LoadModule cgi_module" directive within the "" directive at the OHS server configuration scope.

3. If the directive and its surrounding "" directive exist and are not commented out, this is a finding.
Fix Text (F-23065r414767_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "LoadModule cgi_module" directive within the "" directive at the OHS server configuration scope.

3. Comment out the "LoadModule cgi_module" directive and surrounding "" directives if they exist.