The EnableNonUTF8 registry key must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13715 | WA000-WI6082 IIS6 | SV-38161r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. The EnableNonUTF8 registry key expands the amount of character types the web server accepts. Hackers can use this capability to submit content in a URL that can execute in the CPU by means of a buffer overflow. |
| STIG | Date |
|---|---|
| IIS6 Server | 2015-06-01 |
Details
| Check Text ( C-37542r1_chk ) |
|---|
| 1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters EnableNonUTF8. 3. Ensure the value for the EnableNonUTF8 key is REG_DWORD 0. If the registry key is not set to 0 or does not exist, this is a finding. |
| Fix Text (F-32788r1_fix) |
|---|
| 1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. 3. Set the value for the EnableNonUTF8 key to REG_DWORD 0 or add the key and set it to REG_DWORD 0. |