WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Index Server Web Interface Disallowed'

Information

IIS file extensions that require server-side processing but have been deemed vulnerable include .htr, .htw, .ida, .idc, .idq, .printer, .shtml, .shtm, .bat, .cmd and .stm. Requests for these file types can exploit a stack buffer overflow weakness in ism.dll, httpodbc.dll, and ssinc.dll.

Solution

Remove unused and vulnerable script mappings.
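
One way to check for the mappings listed above is to parse the entries of the IIS 6 `ScriptMaps` metabase property and flag any whose extension is on the list. This is an added example, not part of the STIG or the audit plugin: the function names are hypothetical, the sample entries are constructed, and it assumes each entry has the layout `extension,processor,flags[,verbs]`.

```python
import ntpath

# Extensions this item lists as vulnerable.
VULNERABLE_EXTENSIONS = frozenset({
    ".htr", ".htw", ".ida", ".idc", ".idq", ".printer",
    ".shtml", ".shtm", ".bat", ".cmd", ".stm",
})

# Constructed sample of ScriptMaps entries (not taken from a real server).
SAMPLE_SCRIPT_MAPS = r"""
.asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.IDQ,C:\WINDOWS\system32\idq.dll,7,GET,HEAD,POST
.htw,C:\WINDOWS\system32\webhits.dll,3,GET,HEAD,POST
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.aspx,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
""".strip().splitlines()


def parse_script_map(entry):
    """Split one entry into extension, processor, flags and verbs."""
    fields = [f.strip() for f in entry.strip().strip('"').split(",")]
    if len(fields) < 3 or not fields[0]:
        raise ValueError(f"malformed ScriptMaps entry: {entry!r}")
    return {
        "extension": fields[0].lower(),  # the metabase may store mixed case
        "processor": fields[1],
        "flags": fields[2],
        "verbs": fields[3:],
    }


def find_vulnerable_mappings(entries):
    """Return (findings, malformed): flagged (extension, dll) pairs and
    entries that could not be parsed and need manual review."""
    findings, malformed = [], []
    for entry in entries:
        if not entry.strip():
            continue
        try:
            mapping = parse_script_map(entry)
        except ValueError:
            malformed.append(entry)
            continue
        if mapping["extension"] in VULNERABLE_EXTENSIONS:
            findings.append((mapping["extension"],
                             ntpath.basename(mapping["processor"])))
    return findings, malformed
```

Entries that fail to parse are returned separately so that an unreadable mapping is reviewed by hand rather than counted as compliant.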

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|I, Rule-ID|SV-16145r2_rule, STIG-ID|WA000-WI050_IIS6, Vuln-ID|V-2267

Plugin: Windows

Control ID: 50a0ac2d676a62a006797326b2cb44e1b7960ebac7cfc69e1cfd30440b75b24a