STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

DISA Rule

SV-102673r1_rule

Vulnerability Number

V-92585

Group Title

SRG-APP-000439-WSR-000153

Rule Version

AS24-W2-000860

Severity

CAT II

CCI(s)

CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

Fix Recommendation

Search the Apache configuration files for the "SSLCompression" directive.

If the directive is present, set it to "off".

Check Contents

Search the Apache configuration files for the "SSLCompression" directive.

If the directive does not exist, this is a not a finding.

If the directive exists and is not set to "off", this is a finding.

The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments