Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13701 | WA000-WI110 IIS6 | SV-38159r1_rule | ECSC-1 | High |
Description |
---|
The command shell can be used to call arbitrary commands at the web server from within an HTML page. |
STIG | Date |
---|---|
IIS6 Server | 2014-12-05 |
Check Text ( C-37540r1_chk ) |
---|
Check the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters for the following value: SSIEnableCmdDirective REG_DWORD 0. If the key does not exist or if the value is not a REG_DWORD= 0, this is a finding. |
Fix Text (F-32786r1_fix) |
---|
Set the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters to the following value: SSIEnableCmdDirective REG_DWORD 0 |