STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.

DISA Rule

SV-102641r1_rule

Vulnerability Number

V-92553

Group Title

SRG-APP-000266-WSR-000142

Rule Version

AS24-W2-000610

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Add a default document to the applicable directories.

Check Contents

Review the DocumentRoot directive in the <'INSTALLED PATH'>\conf\httpd.conf file.

Note each location following the "DocumentRoot" string. This is the configured path(s) to the document root directory(s).

To view a list of the directories and sub-directories and the file "index.html", from each stated "DocumentRoot" location, enter the following command:

dir "index.html"

Review the results for each document root directory and its subdirectories.

If a directory does not contain an "index.html" or equivalent default document, this is a finding.

Vulnerability Number

V-92553

Documentable

False

Rule Version

AS24-W2-000610

Severity Override Guidance

Review the DocumentRoot directive in the <'INSTALLED PATH'>\conf\httpd.conf file.

Note each location following the "DocumentRoot" string. This is the configured path(s) to the document root directory(s).

To view a list of the directories and sub-directories and the file "index.html", from each stated "DocumentRoot" location, enter the following command:

dir "index.html"

Review the results for each document root directory and its subdirectories.

If a directory does not contain an "index.html" or equivalent default document, this is a finding.

Check Content Reference

M

Target Key

3419

Comments