Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13686 | WG235 A22 | SV-33024r1_rule | High |
Description |
---|
Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks. |
STIG | Date |
---|---|
APACHE 2.2 Site for UNIX Security Technical Implementation Guide | 2019-01-07 |
Check Text ( C-33706r1_chk ) |
---|
Determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding. |
Fix Text (F-29338r1_fix) |
---|
Use only secure encrypted logons and connections for uploading files to the web site. |