STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

DISA Rule

SV-102673r1_rule

Vulnerability Number

V-92585

Group Title

SRG-APP-000439-WSR-000153

Rule Version

AS24-W2-000860

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Search the Apache configuration files for the "SSLCompression" directive.

If the directive is present, set it to "off".

Check Contents

Search the Apache configuration files for the "SSLCompression" directive.

If the directive does not exist, this is a not a finding.

If the directive exists and is not set to "off", this is a finding.

Vulnerability Number

V-92585

Documentable

False

Rule Version

AS24-W2-000860

Severity Override Guidance

Search the Apache configuration files for the "SSLCompression" directive.

If the directive does not exist, this is a not a finding.

If the directive exists and is not set to "off", this is a finding.

Check Content Reference

M

Target Key

3419

Comments