STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The MultiViews directive must be disabled.

DISA Rule

SV-33004r2_rule

Vulnerability Number

V-13734

Group Title

WA000-WWA056

Rule Version

WA000-WWA056 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Add a "-" to the MultiViews setting, or set the options directive to None.

Check Contents

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as Notepad, and search for all occurrences of the following directive: Options.

This check validates occurrences of the Options directive which are uncommented.
Review all uncommented Options statements for "-MultiViews"and validate a preceding "-" to the MultiViews option exists.

If the value is found on the Options statement, and it does not have a preceding "-", this is a finding.
If the value does not exist at all, this would be a finding unless the enabled Options statement is set to "none".

Vulnerability Number

V-13734

Documentable

False

Rule Version

WA000-WWA056 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as Notepad, and search for all occurrences of the following directive: Options.

This check validates occurrences of the Options directive which are uncommented.
Review all uncommented Options statements for "-MultiViews"and validate a preceding "-" to the MultiViews option exists.

If the value is found on the Options statement, and it does not have a preceding "-", this is a finding.
If the value does not exist at all, this would be a finding unless the enabled Options statement is set to "none".

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments