STIGQter STIGQter: STIG Summary: APACHE Server 2.0 for Unix Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: The HTTP request line must be limited.

DISA Rule

SV-32768r2_rule

Vulnerability Number

V-13739

Group Title

WA000-WWA066

Rule Version

WA000-WWA066 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the httpd.conf file and set the LimitRequestLine to 8190 or other approved value. If no LimitRequestLine directives exist, explicitly add the directive and set to 8190.

Check Contents

To view the LimitRequestLine value enter the following command:

grep "LimitRequestLine" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestLine is not set to 8190, this is a finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.

Vulnerability Number

V-13739

Documentable

False

Rule Version

WA000-WWA066 A22

Severity Override Guidance

To view the LimitRequestLine value enter the following command:

grep "LimitRequestLine" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestLine is not set to 8190, this is a finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2099

Comments