Documentation - V-206412

V-206412

Web Server Security Requirements Guide

CAT II

Title

Warning and error messages displayed to clients must be modified to minimize the identity of the web server, patches, loaded modules, and directory paths.

Description

<VulnDiscussion>Information needed by an attacker to begin looking for possible vulnerabilities in a web server includes any information about the web server, backend systems being accessed, and plug-ins or modules being used. Web servers will often display error messages to client users displaying enough information to aid in the debugging of the error. The information given back in error messages may display the web server type, version, patches installed, plug-ins and modules installed, typ...

Fix Text (Documentation Requirement)

Configure the web server to minimize the information provided to the client in warning and error messages.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel