Directory Browsing is not disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6755 | WA000-WI090 | SV-6971r1_rule | Medium |
| Description |
|---|
| This ensures that your directory structure, filenames, and web publishing features are not accessible. Such information and the contents of files listed are normally readable by the anonymous web user, yet are not intended to be viewed as they often contain information relevant to the configuration and security of the web service. The Directory Browsing feature can be used to facilitate a directory traversal and subsequent directory traversal exploits. |
| STIG | Date |
|---|---|
| IIS 7.0 Server STIG | 2019-03-22 |
Details
| Check Text ( C-2867r1_chk ) |
|---|
| Using IIS Manager: Select the web site to be examined. Select the Properties option. Select the Home Directory tab. In the window that appears, if the Directory Browsing checkbox is selected, Directory Browsing is enabled. If the Directory Browsing feature is enabled this is a finding. -------------------- |
| Fix Text (F-6390r1_fix) |
|---|
| Internet Services Manager (this selection starts the Microsoft Management Console, MMC) >> Select web site to be examined. Select Properties option by right clicking. Select Home Directory tab. In the dialog menus that appear deselect the Directory Browsing checkbox to disable Directory Browsing. |