STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

Anonymous user access to the web server application directories must be prohibited.

DISA Rule

SV-70247r2_rule

Vulnerability Number

V-55993

Group Title

SRG-APP-000211-WSR-000031

Rule Version

SRG-APP-000211-WSR-000031

Severity

CAT II

CCI(s)

CCI-001082 - The information system separates user functionality (including user interface services) from information system management functionality.

Weight

Fix Recommendation

Configure the web server to not allow anonymous users to change the web server or any hosted applications.

Check Contents

Review the web server documentation and configuration to determine if anonymous users can make changes to the web server or any applications hosted by the web server.

If anonymous users can make changes, this is a finding.

Vulnerability Number

V-55993

Documentable

False

Rule Version

SRG-APP-000211-WSR-000031

Severity Override Guidance

Check Content Reference

Target Key

2557

Anonymous user access to the web server application directories must be prohibited.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments