Documentation - V-206432

V-206432

Web Server Security Requirements Guide

CAT II

Title

The web server must be protected from being stopped by a non-privileged user.

Description

<VulnDiscussion>An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. To prohibit an attacker from stopping the web server, the process ID (pid) of the web server and the utilities used to start/stop the web server must be protected from access by non-privileged users. By knowing the pid and having access to the web server utilities, a non-privileged user has a greater...

Fix Text (Documentation Requirement)

Remove or modify non-privileged account access to the web server process ID and the utilities used for starting/stopping the web server.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel