STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The web server’s htpasswd files (if present) must reflect proper ownership and permissions.

DISA Rule

SV-36561r2_rule

Vulnerability Number

V-2255

Group Title

WG270

Rule Version

WG270 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The SA or Web Manager account should have Full Control, the account running the web service should have read and execute permissions to the htpasswd file.

Check Contents

Search for the htpasswd.exe file. Right click the htpasswd file, if present. Select the Properties window, select the Security tab.

Examine the access rights for the file. The SA or Web Manager account should have Full Control, the account running the web service should have read and execute permissions.

If entries other than Administrators, Web Manager account, or System are present, this is a finding.

Vulnerability Number

V-2255

Documentable

False

Rule Version

WG270 W22

Severity Override Guidance

Search for the htpasswd.exe file. Right click the htpasswd file, if present. Select the Properties window, select the Security tab.

Examine the access rights for the file. The SA or Web Manager account should have Full Control, the account running the web service should have read and execute permissions.

If entries other than Administrators, Web Manager account, or System are present, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments