STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must limit the character set used for data entry.

DISA Rule

SV-54429r3_rule

Vulnerability Number

V-41852

Group Title

SRG-APP-000251-WSR-000157

Rule Version

SRG-APP-000251-WSR-000157

Severity

CAT II

CCI(s)

CCI-001310 - The information system checks the validity of organization-defined inputs.

Weight

Fix Recommendation

Configure the web server to only accept the character sets expected by the hosted applications.

Check Contents

Review the web server documentation and deployed configuration to determine what the data set is for data entry.

If the web server does not limit the data set used for data entry, this is a finding.

Vulnerability Number

V-41852

Documentable

False

Rule Version

SRG-APP-000251-WSR-000157

Severity Override Guidance

Review the web server documentation and deployed configuration to determine what the data set is for data entry.

If the web server does not limit the data set used for data entry, this is a finding.

Check Content Reference

Target Key

2557

The web server must limit the character set used for data entry.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments