STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Apache web server must have resource mappings set to disable the serving of certain file types.

DISA Rule

SV-214323r505936_rule

Vulnerability Number

V-214323

Group Title

SRG-APP-000141-WSR-000081

Rule Version

AS24-W1-000300

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Disable MIME types for .exe, .dll, .com, .bat, and .csh programs.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, remove those references.

Restart the Apache service.

Check Contents

Review the <'INSTALL PATH'>\conf\httpd.conf file.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.

Vulnerability Number

V-214323

Documentable

False

Rule Version

AS24-W1-000300

Severity Override Guidance

Review the <'INSTALL PATH'>\conf\httpd.conf file.

If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.

Check Content Reference

M

Target Key

3998

Comments