[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-27554-5

Platform: apache-httpd2.2Date: (C)2013-02-19   (M)2022-10-10



The Apache "LimitRequestFieldSizeBody" directive should be configured appropriately.


Parameter:

(1) Number value (in bytes)


Technical Mechanism:

(1) Apache configuration file: LimitRequestFieldSizeBody directive

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 20121.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestFieldsize directive in the Apache configuration to have a value of 1024 or less. LimitRequestFieldsize 1024 page 73
CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 20081.14 Buffer Overflow Protection Tuning p24
DISA STIG Apache SERVER 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 W22 Rule ID: SV-33010r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass
DISA STIG Apache SERVER 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 A22 Rule ID: SV-32766r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass


CPE    1
cpe:/a:apache:http_server:2.2

© SecPod Technologies