Web server software will always be vendor-supported versions.


Overview

Finding ID: V-2246
Version: WG190
Rule ID: SV-2246r6_rule
IA Controls: ECSC-1
Severity: High
Description
Many vulnerabilities are associated with older versions of web server software. As hot fixes and patches are issued, these solutions are included in the next version of the server software. Maintaining the web server at a current version makes the efforts of a malicious user to exploit the web service more difficult.
STIG: Web Server STIG
Date: 2010-10-07

Details

Check Text (C-29915r1_chk)
The reviewer should examine the server to verify which versions of the web server software are running on it.

Because this is a generic checklist, it is not practical to list all supported software versions. The reviewer will need the SA or the web administrator to provide evidence that the vendor still supports the product. This can be done by visiting the vendor’s web site, viewing a service agreement that the site has with the vendor, or observing recent patches provided by the vendor for the web server software. These are not the only acceptable methods, so the reviewer must determine whether the site has provided sufficient evidence that the web server software is supported.

If the site is using unsupported web server software, this is a finding.
Fix Text (F-2295r2_fix)
Upgrade to the current version of the web server software and maintain appropriate service packs and patches.