Check: AS24-W1-000960
Apache Server 2.4 Windows Server STIG:
AS24-W1-000960
(in versions v2 r3 through v1 r0.1)
Title
The Apache web server software must be a vendor-supported version. (Cat I impact)
Discussion
Many vulnerabilities are associated with older versions of web server software. As hot fixes and patches are issued, these solutions are included in the next version of the server software. Maintaining the web server at a current version makes the efforts of a malicious user to exploit the web service more difficult.
Check Content
Determine the version of the Apache software that is running on the system. In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -v" to view the Apache version. If the version of Apache is not at the following version or higher, this is a finding: Apache 2.4 (February 2012)
Fix Text
Install the current version of the web server software and maintain appropriate service packs and patches.
Additional Identifiers
Rule ID: SV-214359r879887_rule
Vulnerability ID: V-214359
Group Title: SRG-APP-000516-WSR-000174
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |