STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-214270r612240_rule

Vulnerability Number

V-214270

Group Title

SRG-APP-000456-WSR-000187

Rule Version

AS24-U1-000930

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Install the current version of the web server software and maintain appropriate service packs and patches.

Check Contents

Determine the most recent patch level of the Apache Web Server 2.4 software, as posted on the Apache HTTP Server Project website. If the Apache installation is a proprietary installation supporting an application and is supported by a vendor, determine the most recent patch level of the vendor’s installation.

In a command line, type "httpd -v".

If the version is more than one version behind the most recent patch level, this is a finding.

Vulnerability Number

V-214270

Documentable

False

Rule Version

AS24-U1-000930

Severity Override Guidance

Determine the most recent patch level of the Apache Web Server 2.4 software, as posted on the Apache HTTP Server Project website. If the Apache installation is a proprietary installation supporting an application and is supported by a vendor, determine the most recent patch level of the vendor’s installation.

In a command line, type "httpd -v".

If the version is more than one version behind the most recent patch level, this is a finding.

Check Content Reference

M

Target Key

3996

Comments