macOS 15 - Sequoia
The macOS system must disable the built-in web server
STIG ID:
APPL-15-002008
|
SRG:
SRG-OS-000080-GPOS-00048
|
Severity:
Medium
|
CCI:
CCI-000213
|
Vulnerability ID:
V-268484
Description
The built-in web server is a nonessential service built into macOS and must be disabled.NOTE: The built-in web server is disabled at startup by default with macOS.
Check
C-268484r1034392_chk
Verify the macOS system is configured to disable the built-in web server with the following command:/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled'If the result is not "1", this is a finding.
Fix
F-72415r1034391_fix
Configure the macOS system to disable the built-in web server with the following command:/bin/launchctl disable system/org.apache.httpdThe system may need to be restarted for the update to take effect.