STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Web server status module must be disabled.

DISA Rule

SV-33218r1_rule

Vulnerability Number

V-26294

Group Title

WA00510

Rule Version

WA00510 A22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Edit the httpd.conf file and disable info_module and status_module.

Check Contents

Enter the following command:

/usr/local/Apache2.2/bin/httpd –M.

This will provide a list of all loaded modules. If any of the following modules are found, this is a finding.

info_module
status_module

Vulnerability Number

V-26294

Documentable

False

Rule Version

WA00510 A22

Severity Override Guidance

Check Content Reference

Responsibility

Web Administrator

Target Key

158

Web server status module must be disabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments