UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Web Administrators must only use encrypted connections for Document Root directory uploads.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13686 WG235 A22 SV-33024r1_rule High
Description
Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks.
STIG Date
APACHE 2.2 Site for UNIX Security Technical Implementation Guide 2018-07-06

Details

Check Text ( C-33706r1_chk )
Determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding.
Fix Text (F-29338r1_fix)
Use only secure encrypted logons and connections for uploading files to the web site.