APACHE 2.2 Server for Windows Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
All web server documentation, sample code, example applications, and tutorials must be removed from a production web server.
Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally n...Rule High Severity -
All interactive programs must be placed in a designated directory with appropriate permissions.
CGI scripts are one of the most exploited vulnerabilities on web servers. CGI script execution in Apache can be accomplished via two methods. The first method uses the ScriptAlias directive to te...Rule Medium Severity -
The MultiViews directive must be disabled.
Apache HTTPD supports content negotiation as described in the HTTP/1.1 specification. It can choose the best representation of a resource based on the browser-supplied preferences for media type, l...Rule Medium Severity -
The HTTP request message body size must be limited.
Buffer overflow attacks are carried out by a malicious attacker sending amounts of data that the web server cannot store in a given size buffer. The eventual overflow of this buffer can overwrite s...Rule Medium Severity -
The HTTP request header field size must be limited.
Buffer overflow attacks are carried out by a malicious attacker sending amounts of data that the web server cannot store in a given size buffer. The eventual overflow of this buffer can overwrite s...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules