| VID |
14107 |
| Severity |
10 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
If unnecessary file upload or download is permitted, a service can be disabled by a large amount of uploading and downloading. Therefore, we do not allow unnecessary uploads and downloads, and should not be handled by the web server, and should perform file security review automatically or manually.
* Affected platforms:
UNIX, Linux |
| Recommendation |
Limit the capacity of the file size by doing the following.
1. Open /[Apache_home]/conf/httpd.conf
#vi /[Apache_home]/conf/httpd.conf
2. Set file size limit in the "LimitRequestBody" in all configured directories
<Directory />
LimitRequestBody 5000000 (* Limit all file sizes to 5M)
</Directory> |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
