STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.

DISA Rule

SV-102675r1_rule

Vulnerability Number

V-92587

Group Title

SRG-APP-000439-WSR-000155

Rule Version

AS24-W2-000880

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the "mod_session_crypto" module is installed.

Enable encrypted session cookies.

Example:

Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret

Check Contents

Verify the "mod_session_crypto" module is installed.

If the mod_session_crypto module is not being used, this is a finding.

Vulnerability Number

V-92587

Documentable

False

Rule Version

AS24-W2-000880

Severity Override Guidance

Verify the "mod_session_crypto" module is installed.

If the mod_session_crypto module is not being used, this is a finding.

Check Content Reference

M

Target Key

3419

Comments