STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Debugging and trace information used to diagnose the Apache web server must be disabled.

DISA Rule

SV-214340r505936_rule

Vulnerability Number

V-214340

Group Title

SRG-APP-000266-WSR-000160

Rule Version

AS24-W1-000630

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Edit the <'INSTALL PATH'>\conf\httpd.conf file and add or set the value of "TraceEnable" to "Off".

Restart the Apache service.

Check Contents

Review the <'INSTALL PATH'>\conf\httpd.conf file.

For any enabled "TraceEnable" directives, verify they are part of the server=level configuration (i.e., not nested in a "Directory" or "Location" directive).

Also verify the "TraceEnable" directive is set to "Off".

If the "TraceEnable directive is not part of the server-level configuration and/or is not set to "Off", this is a finding.

If the directive does not exist in the conf file, this is a finding because the default value is "On".

Vulnerability Number

V-214340

Documentable

False

Rule Version

AS24-W1-000630

Severity Override Guidance

Review the <'INSTALL PATH'>\conf\httpd.conf file.

For any enabled "TraceEnable" directives, verify they are part of the server=level configuration (i.e., not nested in a "Directory" or "Location" directive).

Also verify the "TraceEnable" directive is set to "Off".

If the "TraceEnable directive is not part of the server-level configuration and/or is not set to "Off", this is a finding.

If the directive does not exist in the conf file, this is a finding because the default value is "On".

Check Content Reference

M

Target Key

3998

Comments