CCE-27246-8| Platform: apache-httpd2.2 | Date: (C)2013-02-19 (M)2022-10-10 |
Apache's listening port should be configured appropriately.
Parameter:
(1) port number
Technical Mechanism:
(1) Apache configuration file: Listen directive
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012 | 1.9.3 Restrict Listen Directive (Level 2, Scorable)
The Apache Listen directive specifies the IP addresses and port numbers the Apache web server will listen for requests. Rather than be unrestricted to listen on all IP addresses available to the system, the specific IP address or addresses intended should be explicitly specified. Specifically a Listen directive with no IP address specified, or with an IP address of zeros should not be used. Page 74 |
| DISA STIG Apache SERVER 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: The web server must be configured to listen on a specific IP address and port.
STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326
Severity: CAT II Class: Unclass |
| DISA STIG Apache SERVER 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: The web server must be configured to listen on a specific IP address and port.
STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326
Severity: CAT II Class: Unclass |
