Skip to content

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule asis_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule imagemap_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule actions_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule speling_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule userdir_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the AliasMatch directive pertaining to the OHS manuals disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the Directory directive pointing to the OHS manuals disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule auth_basic_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule authz_user_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule authn_file_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule authn_anon_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule proxy_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule proxy_http_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule proxy_ftp_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • OHS must have the LoadModule proxy_connect_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule proxy_balancer_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule cern_meta_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule expires_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule usertrack_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule uniqueid_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule setenvif_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the BrowserMatch directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the LoadModule dumpio_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the IfModule dumpio_module directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Low Severity
  • SRG-APP-000141-WSR-000075

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the Alias /icons/ directive disabled.

    &lt;VulnDiscussion&gt;A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules