The command shell options must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13701 | WA000-WI110 IIS6 | SV-38159r1_rule | ECSC-1 | High |
| Description |
|---|
| The command shell can be used to call arbitrary commands at the web server from within an HTML page. |
| STIG | Date |
|---|---|
| IIS6 Server | 2015-06-01 |
Details
| Check Text ( C-37540r1_chk ) |
|---|
| Check the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters for the following value: SSIEnableCmdDirective REG_DWORD 0. If the key does not exist or if the value is not a REG_DWORD= 0, this is a finding. |
| Fix Text (F-32786r1_fix) |
|---|
| Set the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters to the following value: SSIEnableCmdDirective REG_DWORD 0 |