STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The web server must be configured to listen on a specific IP address and port.

DISA Rule

SV-33184r1_rule

Vulnerability Number

V-26326

Group Title

WA00555

Rule Version

WA00555 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the Listen directive to listen on a specific IP address and port.

Check Contents

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Listen

For any enabled Listen directives ensure they specify both an IP address and port number.

If the Listen directive is found with only an IP address, or only a port number specified, this is finding. If the IP address is all zeros (i.e. 0.0.0.0:80 or [::ffff:0.0.0.0]:80, this is a finding. If the Listen directive does not exist, this is a finding.

Vulnerability Number

V-26326

Documentable

False

Rule Version

WA00555 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Listen

For any enabled Listen directives ensure they specify both an IP address and port number.

If the Listen directive is found with only an IP address, or only a port number specified, this is finding. If the IP address is all zeros (i.e. 0.0.0.0:80 or [::ffff:0.0.0.0]:80, this is a finding. If the Listen directive does not exist, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments