STIGQter STIGQter: STIG Summary: APACHE Server 2.0 for Unix Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: The HTTP request header fields must be limited.

DISA Rule

SV-32757r1_rule

Vulnerability Number

V-13737

Group Title

WA000-WWA062

Rule Version

WA000-WWA062 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the httpd.conf file and set LimitRequestFields Directive to a value greater than 0.

Check Contents

To view the LimitRequestFields value enter the following command:

grep "LimitRequestFields" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestFields is not set to a value greater than 0, this is a finding.

Vulnerability Number

V-13737

Documentable

False

Rule Version

WA000-WWA062 A22

Severity Override Guidance

To view the LimitRequestFields value enter the following command:

grep "LimitRequestFields" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestFields is not set to a value greater than 0, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2099

Comments