STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must be tuned to handle the operational requirements of the hosted application.

DISA Rule

SV-79019r1_rule

Vulnerability Number

V-64529

Group Title

SRG-APP-000435-WSR-000148

Rule Version

OH12-1X-000307

Severity

CAT II

CCI(s)

CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

Fix Recommendation

Set the following directives appropriately for the server and application:
MaxClients
MPM Module
-worker (StartServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild)
Timeout
KeepAlive
KeepAliveTimeout
MaxKeepAliveRequests
ListenBacklog
LimitRequestBody
LimitRequestFields
LimitRequestFieldSize
LimitRequestLine
LimitXMLRequestBody
LimitInternalRecursion

Check Contents

1. Check to see if the following directives have been set appropriately for the server and application:
MaxClients
MPM Module
-worker (StartServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild)
Timeout
KeepAlive
KeepAliveTimeout
MaxKeepAliveRequests
ListenBacklog
LimitRequestBody
LimitRequestFields
LimitRequestFieldSize
LimitRequestLine
LimitXMLRequestBody
LimitInternalRecursion

2. If the above directives have not been set to address the specific needs of the web server and applications, this is a finding.

OHS must be tuned to handle the operational requirements of the hosted application.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments