Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-100151 | IIST-SV-000138 | SV-109255r1_rule | Medium |
Description |
---|
Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled, the risk of inadvertently disclosing sensitive content is increased. |
STIG | Date |
---|---|
Microsoft IIS 10.0 Server Security Technical Implementation Guide | 2020-06-08 |
Check Text ( C-99003r1_chk ) |
---|
Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "Directory Browsing" icon. Under the “Actions” pane verify "Directory Browsing" is disabled. If “Directory Browsing” is not disabled, this is a finding. |
Fix Text (F-105837r1_fix) |
---|
Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "Directory Browsing" icon. Under the "Actions" pane click "Disabled". Under the "Actions" pane, click "Apply". |