The web server must be a version supported by the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279029 | SRG-APP-001035-WSR-000340 | SV-279029r1138083_rule | CCI-003376 | high |
| Description | ||||
| Unsupported software and systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Software and systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. When maintenance updates and patches are no longer available, software is no longer considered supported and should be upgraded or decommissioned. | ||||
| STIG | Date | |||
| Web Server Security Requirements Guide | 2025-09-10 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SA-22
1.00
- DISA · V4R4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-003376
1.00
- DISA · V4R4 · disa_xccdf · related
Details
Check Text (C-279029r1138083_chk)
Verify that the web server is a version supported by the vendor.
If the web server is not a version supported by the vendor, this is a finding.
Fix Text (F-83482r1138082_fix)
Install or upgrade the webserver to a version supported by the vendor.