UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OHS must have the HeaderName directive disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-64277 OH12-1X-000110 SV-78767r1_rule Medium
Description
A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2020-06-12

Details

Check Text ( C-65029r1_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "HeaderName" directive.

2. Search for a "HeaderName" directive at the OHS server, virtual host, and directory configuration scopes.

3. If the directive exists and is not commented out, this is a finding.
Fix Text (F-70207r1_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "HeaderName" directive.

2. Search for a "HeaderName" directive at the OHS server, virtual host, and directory configuration scopes.

3. Comment out the "HeaderName" directive if it exists.