STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

Debugging and trace information used to diagnose the Apache web server must be disabled.

DISA Rule

SV-102645r1_rule

Vulnerability Number

V-92557

Group Title

SRG-APP-000266-WSR-000160

Rule Version

AS24-W2-000630

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Edit the <'INSTALLED PATH'>\conf\httpd.conf file and add or set the value of "EnableTrace" to "Off".

Check Contents

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

For any enabled "TraceEnable" directives, verify they are part of the server-level configuration (i.e., not nested in a "Directory" or "Location" directive).

Also, verify the "TraceEnable" directive is set to "Off".

If the "TraceEnable" directive is not part of the server-level configuration and/or is not set to "Off", this is a finding.

If the directive does not exist in the "conf" file, this is a finding because the default value is "On".

Vulnerability Number

V-92557

Documentable

False

Rule Version

AS24-W2-000630

Severity Override Guidance

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

For any enabled "TraceEnable" directives, verify they are part of the server-level configuration (i.e., not nested in a "Directory" or "Location" directive).

Also, verify the "TraceEnable" directive is set to "Off".

If the "TraceEnable" directive is not part of the server-level configuration and/or is not set to "Off", this is a finding.

If the directive does not exist in the "conf" file, this is a finding because the default value is "On".

Check Content Reference

M

Target Key

3419

Comments