STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Apache web server must be configured to use a specified IP address and port.

DISA Rule

SV-214326r505936_rule

Vulnerability Number

V-214326

Group Title

SRG-APP-000142-WSR-000089

Rule Version

AS24-W1-000360

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Edit the <'INSTALL PATH'>\conf\httpd.conf file and set the "Listen" directive to listen on a specific IP address and port.

Restart the Apache service.

Check Contents

Review the <'INSTALL PATH'>\conf\httpd.conf file and search for the following directive:

Listen

For any enabled "Listen" directives, verify they specify both an IP address and port number.

If the "Listen" directive is found with only an IP address or only a port number specified, this is finding.

If the IP address is all zeros (i.e., 0.0.0.0:80 or [::ffff:0.0.0.0]:80), this is a finding.

If the "Listen" directive does not exist, this is a finding.

Vulnerability Number

V-214326

Documentable

False

Rule Version

AS24-W1-000360

Severity Override Guidance

Review the <'INSTALL PATH'>\conf\httpd.conf file and search for the following directive:

Listen

For any enabled "Listen" directives, verify they specify both an IP address and port number.

If the "Listen" directive is found with only an IP address or only a port number specified, this is finding.

If the IP address is all zeros (i.e., 0.0.0.0:80 or [::ffff:0.0.0.0]:80), this is a finding.

If the "Listen" directive does not exist, this is a finding.

Check Content Reference

M

Target Key

3998

Comments