STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The Apache web server must have Web Distributed Authoring (WebDAV) disabled.

DISA Rule

SV-214245r612240_rule

Vulnerability Number

V-214245

Group Title

SRG-APP-000141-WSR-000085

Rule Version

AS24-U1-000330

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Determine where the "dav" modules are located by running the following command:

grep -rl "dav_module" <'INSTALL PATH'>

Edit the file and comment out the following modules:

dav_module
dav_fs_module
dav_lock_module

Restart Apache: apachectl restart

Check Contents

In a command line, run "httpd -M | sort" to view a list of installed modules.

If any of the following modules are present, this is a finding:

dav_module
dav_fs_module
dav_lock_module

Vulnerability Number

V-214245

Documentable

False

Rule Version

AS24-U1-000330

Severity Override Guidance

In a command line, run "httpd -M | sort" to view a list of installed modules.

If any of the following modules are present, this is a finding:

dav_module
dav_fs_module
dav_lock_module

Check Content Reference

Target Key

3996

The Apache web server must have Web Distributed Authoring (WebDAV) disabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments