STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server must not perform user management for hosted applications.

DISA Rule

SV-102591r1_rule

Vulnerability Number

V-92503

Group Title

SRG-APP-000141-WSR-000015

Rule Version

AS24-W2-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Reconfigure any hosted applications on the Apache web server to perform user management outside the web server.

Document how the hosted application user management is accomplished.

Check Contents

Interview the System Administrator (SA) about the role of the Apache web server.

If the web server is hosting an application, have the SA provide supporting documentation on how the application's user management is accomplished outside of the web server.

If the web server is not hosting an application, this is Not Applicable.

If the web server is performing user management for hosted applications, this is a finding.

If the web server is hosting an application and the SA cannot provide supporting documentation on how the application's user management is accomplished outside of the Apache web server, this is a finding.

Vulnerability Number

V-92503

Documentable

False

Rule Version

AS24-W2-000240

Severity Override Guidance

Interview the System Administrator (SA) about the role of the Apache web server.

If the web server is hosting an application, have the SA provide supporting documentation on how the application's user management is accomplished outside of the web server.

If the web server is not hosting an application, this is Not Applicable.

If the web server is performing user management for hosted applications, this is a finding.

If the web server is hosting an application and the SA cannot provide supporting documentation on how the application's user management is accomplished outside of the Apache web server, this is a finding.

Check Content Reference

M

Target Key

3419

Comments