Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13714 | WA000-WI6080 IIS6 | SV-38160r1_rule | Medium |
Description |
---|
IIS6 Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. If the AllowRestrictedChars key is set to a nonzero value, Http.sys accepts hex-escaped chars in request URLs that decode to U+0000 – U+001F and U+007F – U+009F ranges. If this capability is enabled it allows malicious characters to be hex-encoded by an attacker in an attempt to bypass input validation routines. |
STIG | Date |
---|---|
IIS 7.0 Server STIG | 2019-03-22 |
Check Text ( C-37541r1_chk ) |
---|
1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. 3. Ensure the value for the AllowRestrictedChars key is set to REG_DWORD 0. If the registry key is not set to 0 or does not exist, this is a finding. |
Fix Text (F-32787r1_fix) |
---|
1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. 3. Set the value for the AllowRestrictedChars key to REG_DWORD 0 or add the key and set it to REG_DWORD 0. |