[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-27618-8

Platform: apache-httpd2.2Date: (C)2013-02-19   (M)2022-10-10



The Apache "LimitRequestBody" directive should be configured appropriately.


Parameter:

(1) Number value (in bytes)


Technical Mechanism:

(1) Apache configuration file: LimitRequestBody directive

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 20121.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestBody directive in the Apache configuration to have a value of 102400 (100K) or less. Please read the Apache documentation so that it is understood that this directive will limit the size of file up-loads to the web server. LimitRequestBody 102400 page 73
CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 20081.14 Buffer Overflow Protection Tuning p23
DISA STIG Apache SERVER 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 W22 Rule ID: SV-33008r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass
DISA STIG Apache SERVER 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 A22 Rule ID: SV-32756r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass+G66


CPE    1
cpe:/a:apache:http_server:2.2

© SecPod Technologies