STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

Users and scripts running on behalf of users must be contained to the document root or home directory tree of the Apache web server.

DISA Rule

SV-102599r2_rule

Vulnerability Number

V-92511

Group Title

SRG-APP-000141-WSR-000087

Rule Version

AS24-W2-000350

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Edit the <'INSTALLED PATH'>\conf\httpd.conf file and set the root directory directive as follows:

Directory

Require all denied

Check Contents

Review the <'INSTALLED PATH'>\conf\httpd.conf file and search for the following directive:

Directory

For every root directory entry (i.e., <Directory />), verify the following exists. If it does not, this is a finding:

Require all denied

If the statement above is not found in the root directory statement, this is a finding.

Vulnerability Number

V-92511

Documentable

False

Rule Version

AS24-W2-000350

Severity Override Guidance

Review the <'INSTALLED PATH'>\conf\httpd.conf file and search for the following directive:

Directory

For every root directory entry (i.e., <Directory />), verify the following exists. If it does not, this is a finding:

Require all denied

If the statement above is not found in the root directory statement, this is a finding.

Check Content Reference

M

Target Key

3419

Comments