Information
Apply available Apache patches within 1 month of availability.
Rationale:
Obviously knowing about newly discovered vulnerabilities is only part of the solution; there needs to be a process in place where patches are tested and installed. These patches fix diverse problems, including security issues. It is recommended to use the Apache packages and updates provided by the Linux platform vendor rather than building from source when possible, in order to minimize the disruption and the work of keeping the software up-to-date.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Update to the latest Apache release available according to either of the following:
When building from source:
Read release notes and related security patch information
Download latest source and any dependent modules such as mod_security.
Build new Apache software according to your build process with the same configuration options.
Install and test the new software according to your organization's testing process.
Move to production according to your organization's deployment process.
When using platform packages:
Read release notes and related security patch information
Download and install latest available Apache package and any dependent software.
Test the new software according to your organization's testing process.
Move to production according to your organization's deployment process.
Default Value:
Not Applicable