UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to the web content and script directories must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2258 WG290 IIS7 SV-32331r2_rule ECLP-1 High
Description
Excessive permission for the anonymous web user account is a common fault contributing to the compromise of a web server. If this account is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.
STIG Date
IIS 7.0 WEB SITE STIG 2015-08-27

Details

Check Text ( C-32737r1_chk )
1. Open the IIS Manager.
2. Click the site name under review.
3. In the Action Pane select Edit Permissions.
4. Select the Security tab.
5. Review the permissions for the accounts. If the IUSR or Everyone Account permission is greater than read, this is a finding.
Fix Text (F-29064r1_fix)
1. Open the IIS Manager.
2. Click the site name under review.
3. In the Action Pane select Edit Permissions.
4. Select the Security tab.
5. Set the permissions for the accounts IUSR and Everyone to read.