Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Directory Browsing on the IIS 10.0 web server must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-218808 | IIST-SV-000138 | SV-218808r961158_rule | Medium |
| Description |
|---|
| Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled, the risk of inadvertently disclosing sensitive content is increased. |
| STIG | Date |
|---|---|
| Microsoft IIS 10.0 Server Security Technical Implementation Guide | 2024-06-10 |
Details
| Check Text ( C-20280r310899_chk ) |
|---|
| Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "Directory Browsing" icon. Under the “Actions” pane verify "Directory Browsing" is disabled. If “Directory Browsing” is not disabled, this is a finding. |
| Fix Text (F-20278r310900_fix) |
|---|
| Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "Directory Browsing" icon. Under the "Actions" pane click "Disabled". Under the "Actions" pane, click "Apply". |