STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must not perform user management for hosted applications.

DISA Rule

SV-70243r2_rule

Vulnerability Number

V-55989

Group Title

SRG-APP-000141-WSR-000015

Rule Version

SRG-APP-000141-WSR-000015

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Configure the web server to disable user management functionality.

Check Contents

Review the web server documentation and configuration to determine if the web server is being used as a user management application.

If the web server is being used to perform user management for the hosted applications, this is a finding.

Vulnerability Number

V-55989

Documentable

False

Rule Version

SRG-APP-000141-WSR-000015

Severity Override Guidance

Check Content Reference

Target Key

2557

The web server must not perform user management for hosted applications.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments