V-214374
SV-214374r1138074_rule
CAT II
The Apache web server must separate the hosted applications from hosted Apache web server management functionality.
From: Apache Server 2.4 Windows Site Security Technical Implementation Guide (V2R3)
Description
<VulnDiscussion>The separation of user functionality from web server management can be accomplished by moving management functions to a separate IP address or port. To further separate the management functions, separate authentication methods and certificates should be used.
By moving the management functionality, the possibility of accidental discovery of the management functions by non-privileged users during hosted application use is minimized.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review the web server documentation and deployed configuration to determine whether hosted application functionality is separated from web server management functions.
If the functions are not separated, this is a finding.
Fix Text
Configure Apache to separate the hosted applications from web server management functionality.
CCI Reference
CCI-001082- Created
- 2026-04-07 20:08:10
- Last Updated
- 2026-04-07 20:08:10