STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The HTTP request line must be limited.

DISA Rule

SV-32768r2_rule

Vulnerability Number

V-13739

Group Title

WA000-WWA066

Rule Version

WA000-WWA066 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and set the LimitRequestLine to 8190 or other approved value. If no LimitRequestLine directives exist, explicitly add the directive and set to 8190.

Check Contents

To view the LimitRequestLine value enter the following command:

grep "LimitRequestLine" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestLine is not set to 8190, this is a finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.

Vulnerability Number

V-13739

Documentable

False

Rule Version

WA000-WWA066 A22

Severity Override Guidance

To view the LimitRequestLine value enter the following command:

grep "LimitRequestLine" /usr/local/apache2/conf/httpd.conf.

If the value of LimitRequestLine is not set to 8190, this is a finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments