STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server must have resource mappings set to disable the serving of certain file types.

DISA Rule

SV-102593r1_rule

Vulnerability Number

V-92505

Group Title

SRG-APP-000141-WSR-000081

Rule Version

AS24-W2-000300

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Disable MIME types for .exe, .dll, .com, .bat, and .csh programs.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, remove those references.

Check Contents

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.

Vulnerability Number

V-92505

Documentable

False

Rule Version

AS24-W2-000300

Severity Override Guidance

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.

Check Content Reference

M

Target Key

3419

Comments