CCE-27822-6| Platform: apache-httpd2.2 | Date: (C)2013-02-19 (M)2022-10-10 |
The path for Apache sites error log files should be configured appropriately.
Parameter:
(1) File path
Technical Mechanism:
(1) Apache configuration file: ErrorLog directive
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012 | 1.6.1 Configure the Error Log (Level 1, Scorable)
Add an ErrorLog directive if not already configured. The file path may be relative or absolute, or the logs may be configured to be sent to a syslog server. ErrorLog "logs/error_log" Add a similar ErrorLog directive for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 50 |
| CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 2008 | 2.5 Syslog Logging p44-45 |
| DISA STIG Apache SITE 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: Error logging must be enabled.
STIG ID: WA00605 W22 Rule ID: SV-33147r1_rule Vuln ID: V-26279
Severity: CAT II Class: Unclass |
| DISA STIG Apache SITE 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: Error logging must be enabled.
STIG ID: WA00605 A22 Rule ID: SV-33192r1_rule Vuln ID: V-26279
Severity: CAT II Class: Unclass |
