STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

DISA Rule

SV-214355r505936_rule

Vulnerability Number

V-214355

Group Title

SRG-APP-000439-WSR-000153

Rule Version

AS24-W1-000860

Severity

CAT II

CCI(s)

CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

Fix Recommendation

Perform the following to implement the recommended state:

Search the Apache configuration files for the "SSLCompression" directive. If the directive is present, set it to "Off".

Restart the Apache service.

Check Contents

Search the Apache configuration files for the "SSLCompression" directive.

If the "SSLCompression" directive does not exist, this is a not a finding.

If the "SSLCompression" directive exists and is not set to "Off", this is a finding.

The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments