{"description": "Server Side Includes provide a method of dynamically generating web pages through the\ninsertion of server-side code. However, the technology is also deprecated and\nintroduces significant security concerns.\nIf this functionality is unnecessary, comment out the related module:\n<pre>#LoadModule include_module modules/mod_include.so</pre>\nIf there is a critical need for Server Side Includes, they should be enabled with the\noption <tt>IncludesNoExec</tt> to prevent arbitrary code execution. Additionally, user\nsupplied data should be encoded to prevent cross-site scripting vulnerabilities.", "rationale": "Minimizing the number of loadable modules available to the web server reduces risk\nby limiting the capabilities allowed by the web server.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Server Side Includes", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml", "template": null}