AS24-W1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.

Information

Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server because this type of code has not been evaluated and approved. A production web server must only contain components that are operationally necessary (e.g., compiled code, scripts, web-content, etc.).

Any documentation, sample code, example applications, and tutorials must be removed from a production web server. To ensure that the documentation and code are not installed or uninstalled completely, the web server must offer an option as part of the installation process to exclude these packages or to uninstall the packages if necessary.

Satisfies: SRG-APP-000141-WSR-000077, SRG-APP-000141-WSR-000080

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remove any unnecessary applications.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_Windows_Y23M01_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|I, CCI|CCI-000381, Rule-ID|SV-214321r879587_rule, STIG-ID|AS24-W1-000270, STIG-Legacy|SV-102463, STIG-Legacy|V-92375, Vuln-ID|V-214321

Plugin: Windows

Control ID: 70cc6632321a3a11a12ee08fd5787d7cf4b001f437effd7b32fb4a4a7b7dd907