STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Server for Windows Security Technical Implementation Guide

V-2246

CAT I (High)

The web server must use a vendor-supported version of the web server software.

Rule ID

SV-33068r2_rule

STIG

APACHE 2.2 Server for Windows Security Technical Implementation Guide

Version

V1R13

CCIs

None

Discussion

Many vulnerabilities are associated with old versions of web server software. As hot fixes and patches are issued, these solutions are included in the next version of the server software. Maintaining the web server at a current version makes the efforts of a malicious user to exploit the web service more difficult.

Check Content

Determine the version of the Apache software that is running on the system. 

Use the command line interface and navigate to the directory where Apache httpd Server is installed. From the command line type the following command: httpd.exe –v. Press Enter. This will display the version of apache installed on the system.

Note: There are other ways, too, of determining the version of Apache (in the service itself and Add/Remove programs).

If the version of Apache is not at the following version or higher, this is a finding.

Apache httpd server version 2.2 - Release 2.2.31 (July 2015)

Fix Text

Upgrade software to a supported version.