Detections
Analytics
IIST-SV-000220 - The Request Smuggling filter must be enabled.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Security scans show Request Smuggling vulnerability on IIS server.The vulnerability allows a remote attacker to perform HTTP request smuggling attack.
The vulnerability exists due to the way that HTTP proxies (front-end) and web servers (back-end) that do not strictly adhere to RFC standards handle sequences of HTTP requests received from multiple sources. A remote attacker can send a specially crafted request to a targeted IIS Server, perform HTTP request smuggling attack and modify responses or retrieve information from another user's HTTP session.
Solution
Navigate to 'HKLM\System\CurrentControlSet\Services\HTTP\Parameters'.Create REG_DWORD 'DisableRequestSmuggling' and set it to '1'.
Note: This can be performed multiple ways; this is an example.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y24M10_STIG.zip
Item Details
Audit Name: DISA IIS 10.0 Server v3r2
References: CAT|II, CCI|CCI-000381, Rule-ID|SV-268325r1025163_rule, STIG-ID|IIST-SV-000220, STIG-Legacy|SV-109223, STIG-Legacy|V-100119, Vuln-ID|V-268325
Plugin: Windows
Control ID: 88d0f8d53189e9ea23aa7f51dcdca592a915f309eb1b811e1c7fd3ea86ba33fe