STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Installation of a compiler on production web server must be prohibited.

DISA Rule

SV-33061r3_rule

Vulnerability Number

V-2236

Group Title

WG080

Rule Version

WG080 W22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Remove any compiler found on the production web server. If the compiler is needed to patch the product in a production environment, document the compiler installation with the ISSO/ISSM and ensure that the compiler is restricted to only administrative users.

Check Contents

Using Windows Explorer, search the system for the existence of known compilers such as msc.exe, msvc.exe, Python.exe, javac.exe, Lcc-win32.exe, or equivalent. Look in all hard drives.

Also, query the SA and the Web Manager to determine if a compiler is present on the server.

Query the SA and the Web Manager to determine if a compiler is present on the server. If a compiler is present, this is a finding.

NOTE: When Apache is part of a suite install, e.g. application server, and a compiler is needed for installation and patching of the product, document the installation of the compiler with the ISSO/ISSM and verify that the compiler is restricted to administrative users only. If documented and restricted to administrative users, this is not a finding.

Installation of a compiler on production web server must be prohibited.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments