| VID |
14063 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
the owner of Apache Web Server's process is unsafe. To minimize the risk while operation, it is safe to create user id and group for Web Server application that have minimum permission. In case that web process that is executed with root permission has been hacked, attacker can obtain root's permission. It is recommended that "nobody" is used as user id and group for safety.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
users and group that convert after httpd's execution with root permission can be set in httpd.conf
in case that nobody is used, change httpd.conf file as the following
User nobody
Group nobody |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
