STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

Web Distributed Authoring and Versioning (WebDAV) must be disabled.

DISA Rule

SV-33169r2_rule

Vulnerability Number

V-26287

Group Title

WA00505

Rule Version

WA00505 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Disable all WebDAV modules by adding a "#" in front of them within the httpd.conf file, and restarting the Apache service.

Check Contents

Open a command prompt window.

Navigate to the “bin” directory (in many cases this may be [Drive Letter]:\[directory path]\Apache Software Foundation\Apache2.2\bin>).

Enter the following command: httpd –M <enter>
NOTE: Some installations may be running under apache.exe. In such case, validate by running the following command: apache -M <enter>
This will provide a list of all loaded modules. If any of the following modules are found this is a finding: dav_module, dav_fs_module, or dav_lock_module.

Vulnerability Number

V-26287

Documentable

False

Rule Version

WA00505 W22

Severity Override Guidance

Open a command prompt window.

Navigate to the “bin” directory (in many cases this may be [Drive Letter]:\[directory path]\Apache Software Foundation\Apache2.2\bin>).

Enter the following command: httpd –M <enter>
NOTE: Some installations may be running under apache.exe. In such case, validate by running the following command: apache -M <enter>
This will provide a list of all loaded modules. If any of the following modules are found this is a finding: dav_module, dav_fs_module, or dav_lock_module.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments