STIGQter STIGQter: STIG Summary: APACHE SERVER 2.0 for Windows Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: The HTTP request header fields must be limited.

DISA Rule

SV-33009r1_rule

Vulnerability Number

V-13737

Group Title

WA000-WWA062

Rule Version

WA000-WWA062 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set LimitRequestFields Directive to a value greater than 0.

Check Contents

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LimitRequestFields

Every enabled LimitRequestFields value needs to be greater than 0. If any directive is set improperly, this is a finding.

Note: This can be set to a really high number (Current max is 32767), it just cannot be unspecified.

Vulnerability Number

V-13737

Documentable

False

Rule Version

WA000-WWA062 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LimitRequestFields

Every enabled LimitRequestFields value needs to be greater than 0. If any directive is set improperly, this is a finding.

Note: This can be set to a really high number (Current max is 32767), it just cannot be unspecified.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2099

Comments