CCE-92213-8Platform: Amazon Linux | Date: (C)2018-10-29 (M)2022-10-10 |
Disable Server Activity Status
The 'status' module provides real-time access to statistics on the internal operation of
the web server. This may constitute an unnecessary information leak and should be disabled
unless necessary. To do so, comment out the related module:
'#LoadModule status_module modules/mod_status.so'
If there is a critical need for this module, ensure that access to the status
page is properly restricted to a limited set of hosts in the status handler
configuration.
Parameter:
Technical Mechanism:
Minimizing the number of loadable modules available to the web server reduces risk
by limiting the capabilities allowed by the web server.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48400 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48400 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48840 |