Back

Configure the "ErrorDocument" setting for "HTTP 400 errors" to organizational standards.


CONTROL ID
09013
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Apache and Tomcat to Organizational Standards., CC ID: 08987

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. Technical Mechanisms: (1) Apache configuration file: 'ErrorDocument 400' directive Parameters: (1) message/document References: L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional So… (CCE-27960-4, Common Configuration Enumeration List, Combined XML: Apache 1.3, 5.20130214)
  • The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. Technical Mechanisms: (1) Apache configuration file: 'ErrorDocument 400' directive Parameters: (1) message/document References: L1 11. Web Server Software Obfuscation General Directives p17 (CCE-28057-8, Common Configuration Enumeration List, Combined XML: Apache 2.0, 5.20130214)
  • The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. Technical Mechanisms: (1) Apache configuration file: 'ErrorDocument 400' directive Parameters: (1) message/document References: 2.7 Additional Software Information Leakage Protection p50 (CCE-27791-3, Common Configuration Enumeration List, Combined XML: Apache 2.2, 5.20130214)