| NaN |
Version: 5.20130214 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE ID |
CCE Description |
CCE Parameters |
CCE Technical Mechanisms |
NaN |
Microsoft Online Documentation |
Cert-In Securing IIS 6.0 Web Server |
STIG IIS6 Site Version: 6 Release: 13 Benchmark Date: 28 Oct 2011 |
STIG IIS6 Server Version: 6 Release: 13 Benchmark Date: 28 Oct 2011 |
| CCE-19815-0 |
The path of the IIS Web Root folder should be configured correctly. |
(1) local path |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab |
NaN |
NaN |
NaN |
Rule Title: The web document (home) directory must be on a separate partition from the web servers system files. STIG ID: WG205 IIS6 Rule ID: SV-30041r2_rule Vuln ID: V-3333 |
NaN |
| CCE-19592-5 |
The IIS Web Root directory should be named appropriately. |
(1) directory names |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab |
NaN |
NaN |
4.2.6 Securing the Web Site Directory and Content, pg 21 |
NaN |
NaN |
| CCE-19534-7 |
Individual IP addresses should be configured as appropriate for the specified websites. |
(1) TARGET: website (2) IP address |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > IP address |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1c1d212b-18ae-414a-b5ec-eaf5b000a0c3.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19871-3 |
The specified websites should be configured to use the appropriate network interfaces. |
(1) TARGET: website (2) exist/not exist |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > All Unassigned |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1c1d212b-18ae-414a-b5ec-eaf5b000a0c3.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19689-9 |
The master home directory "Enable Logging" setting should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Server > Enable Logging |
NaN |
http://technet.microsoft.com/en-us/library/cc779359%28v=ws.10%29.aspx |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19133-8 |
The master home directory "Read" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Read |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-20048-5 |
The master home directory "Write" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Write |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-20017-0 |
The master home directory "Script Source Access" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19479-5 |
The master home directory "Directory Browsing" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Directory Browsing |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19263-3 |
The master home directory "Log Visits" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Log Visits |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19322-7 |
The master home directory "Index this resource" permission should be enabled or disabled as appropriate. |
(1) none/scripts/scripts&executables |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Index this resource |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19625-3 |
The master home directory "Execute Permissions" permission should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Execute Permissions |
NaN |
NaN |
Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 |
NaN |
NaN |
| CCE-19903-4 |
The master home directory "Anonymous Access" permission for IIS websites should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access |
NaN |
NaN |
4.2.2 Authentication pg 16 |
NaN |
NaN |
| CCE-19259-1 |
The master home directory "Basic Authentication" setting should be enabled or disabled. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access |
NaN |
NaN |
4.2.2 Authentication pg 16 |
NaN |
NaN |
| CCE-19685-7 |
The master home directory "Integrated Windows Authentication" setting should be enabled or disabled. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access |
NaN |
NaN |
4.2.2 Authentication pg 16 |
NaN |
NaN |
| CCE-19932-3 |
The "Enable Logging" setting should be enabled or disabled for the specified web server. |
(1) TARGET: server (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Enable Logging |
NaN |
NaN |
NaN |
Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 IIS6 Rule ID: SV-38065r1_rule Vuln ID: V-2250 |
NaN |
| CCE-19506-5 |
The "Read" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on the specified website > Properties > Home Directory tab > Read |
NaN |
NaN |
NaN |
Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 |
NaN |
| CCE-19406-8 |
The "Write" privilege should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Write |
NaN |
NaN |
NaN |
Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 |
NaN |
| CCE-20005-5 |
The "Script Source Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source |
NaN |
NaN |
NaN |
Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 |
NaN |
| CCE-19655-0 |
The "Directory Browsing" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Directory Browsing |
NaN |
NaN |
NaN |
Rule Title: Directory browsing must be disabled. STIG ID: WA000-WI090 IIS6 Rule ID: SV-38016r1_rule Vuln ID: V-6755 |
NaN |
| CCE-19324-3 |
The "Log Visits" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Log Visits |
NaN |
NaN |
NaN |
Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 IIS6 Rule ID: SV-38065r1_rule Vuln ID: V-2250 |
NaN |
| CCE-19092-6 |
The "Index this resource" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Index this resource |
NaN |
NaN |
NaN |
Rule Title: Indexing Services must only index web content. STIG ID: WA000-WI070 IIS6 Rule ID: SV-38011r1_rule Vuln ID: V-3963 |
NaN |
| CCE-19716-0 |
The "Execute Permissions" permission should be set correctly for the specified websites. |
(1) TARGET: website (2) none/scripts/scripts&executables |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Execute Permissions |
NaN |
NaN |
NaN |
Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 IIS6 Rule ID: SV-30020r2_rule Vuln ID: V-2258 |
NaN |
| CCE-19138-7 |
The "Anonymous Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access |
NaN |
https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/035dcfd0-9a36-4788-b3b6-91dc6a9d9936.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19867-1 |
Basic Authentication should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access |
NaN |
https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f85f0f16-4fea-4852-980c-4982d53c9948.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19628-7 |
Integrated Windows Authentication should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access |
NaN |
https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5f8fe119-4095-4094-bba5-7dec361c7afe.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19432-4 |
The WWW service Special Characters In Shells setting should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\AllowSpecialCharsInShell |
NaN |
http://msdn.microsoft.com/en-us/library/aa711451%28v=vs.71%29.aspx |
NaN |
NaN |
NaN |
| CCE-19790-5 |
IIS WWW service SSL error logging should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\EventLogging |
NaN |
http://support.microsoft.com/kb/260729 |
NaN |
NaN |
NaN |
| CCE-20065-9 |
The RDSServer.DataFactory object should be enabled or disabled as appropriate. |
(1) exist/not exist |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.Factory |
NaN |
http://technet.microsoft.com/en-us/security/bulletin/fq99-025 |
NaN |
NaN |
NaN |
| CCE-19711-1 |
The AdvancedDataFactory object should be enabled or disabled as appropriate. |
(1) exist/not exist |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory |
NaN |
http://technet.microsoft.com/en-us/security/bulletin/fq99-025 |
NaN |
NaN |
NaN |
| CCE-19384-7 |
The VbBusObj.VbBusObjCls object should be enabled or disabled as appropriate. |
(1) exist/not exist |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls |
NaN |
http://technet.microsoft.com/en-us/security/bulletin/fq99-025 |
NaN |
NaN |
NaN |
| CCE-19690-7 |
The execution context of the IIS CGI processes should be configured as appropriate. |
(1) enabled/disabled |
(1) 'CreateProcessAsUser' key in IIS metabase file |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7b55d524-60fc-4420-807b-e1797658088a.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20023-8 |
The '.printer' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19768-1 |
The '.htw' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19946-3 |
The '.ida' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19365-6 |
The '.idq' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19527-1 |
The '.idc' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19732-7 |
The '.shtm' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-20043-6 |
The '.stm' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-19545-3 |
The '.shtml' extension mapping should be configured as appropriate. |
(1) exist/not exist |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-20044-4 |
Relative path traversal should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > Enable Parent Paths |
NaN |
NaN |
NaN |
Rule Title: Interactive scripts must have proper access controls. STIG ID: WG410 IIS6 Rule ID: SV-28848r2_rule Vuln ID: V-2229 |
NaN |
| CCE-19751-7 |
The startup type of the IIS Admin (IISAdmin) service should be correct. |
(1) automatic/manual/disabled |
(1) defined by the Services Administrative Tool (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2df6ff66-da04-4e7c-997d-8f7aa46af8c8.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20034-5 |
Permissions on the Inetpub directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19792-1 |
Permissions on the inetsrv directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-20014-7 |
Permissions on inetsrv\asp.dll should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19433-2 |
Permissions on the Web Root "Images" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19643-6 |
Permissions on the Web Root "scripts" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19332-6 |
Permissions on the Web Root "executables" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-20083-2 |
Permissions on the Web Root "docs" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19801-0 |
Permissions on the Web Root "home" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19618-8 |
Permissions on the Web Root "include" directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-20052-7 |
Permissions on the Web Root directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-19888-7 |
Permissions on the default Logfiles directory should be set appropriately. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL |
NaN |
NaN |
NaN |
NaN |
Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 |
| CCE-20077-4 |
The file auditing for the directory \%SystemRoot%\System32\Inetsrv should be configured appropriately. |
(1) set of accounts (2) events to audit (3) applicability |
(1) defined by the object's SACL |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19977-8 |
The file auditing for the Inetpub directory should be configured appropriately. |
(1) set of accounts (2) events to audit (3) applicability |
(1) defined by the object's SACL |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20029-5 |
The file auditing for the Web Root directory should be configured appropriately. |
(1) set of accounts (2) events to audit (3) applicability |
(1) defined by the object's SACL |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19884-6 |
HTTP protocol logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-20024-6 |
Date logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-19615-4 |
Time logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-19678-2 |
Client IP Address logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-19753-3 |
User name logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-19683-2 |
User agent logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19167-6 |
Method logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-20028-7 |
URI stem logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19606-3 |
URL query logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-19838-2 |
Server IP address logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19684-0 |
Server port logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19940-6 |
Protocol status logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass |
NaN |
| CCE-20080-8 |
Win32 status logging should be enabled or disabled as appropriate for the specified websites. |
(1) TARGET: website (2) enabled/disabled |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20026-1 |
The path of the HTTP Log folder should be configured correctly for the specified websites. |
(1) TARGET: website (2) local path |
(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > Properties |
NaN |
http://msdn.microsoft.com/en-us/library/ff648653.aspx |
NaN |
NaN |
NaN |
| CCE-19641-0 |
The file auditing for the \Metaback directory should be configured appropriately. |
(1) set of accounts (2) events to audit (3) applicability |
(1) defined by the object's SACL |
NaN |
http://support.microsoft.com/kb/271071 |
NaN |
NaN |
NaN |
| CCE-19362-3 |
The membership of the IUSR account should be configured correctly. |
(1) set of accounts |
(1) defined by Local or Group Policy |
NaN |
NaN |
NaN |
NaN |
Rule Title: Anonymous access accounts must be restricted. STIG ID: WG195 IIS6 Rule ID: SV-29351r2_rule Vuln ID: V-6537 Severity: CAT I Class: Unclass |
| CCE-19611-3 |
The IUSR account should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
http://msdn.microsoft.com/en-us/library/ff648653.aspx |
NaN |
NaN |
NaN |
| CCE-20015-4 |
The IWAM account should be configured correctly. |
(1) valid name |
(1) WAMUserName Metabase Property |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8f8364a3-5d84-48fd-b6a7-044dad20c413.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19988-5 |
Server Side Includes command shell should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\SSIEnableCmdDirective |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-19691-5 |
Web-based password reset IIS application mappings (.htr) should be configured correctly. |
(1) exist/not exist |
(1) Internet Service manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab |
NaN |
NaN |
NaN |
Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 |
NaN |
| CCE-20020-4 |
IIS Sample files should be installed or not as appropriate. |
(1) exist/not exist |
(1) files in \Inetpub\iissamples |
NaN |
NaN |
NaN |
NaN |
Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 |
| CCE-19737-6 |
The sample Data Access files should be installed or not as appropriate. |
(1) exist/not exist |
(1) files in \Program Files\Common Files\System\msadc\Samples |
NaN |
NaN |
NaN |
NaN |
Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 |
| CCE-19956-2 |
IIS Help files should be installed or not as appropriate. |
(1) exist/not exist |
(1) files in %SystemRoot%\help\iishelp |
NaN |
NaN |
NaN |
NaN |
Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 |
| CCE-19797-0 |
Remote Account password changes should be enabled or disabled as appropriate. |
(1) exist/not exist |
(1) AuthChangeDisable flag in the Metabase |
NaN |
NaN |
NaN |
NaN |
Rule Title: The IISADMPWD directory must be removed from the Web server. STIG ID: WA000-WI035 IIS6 Rule ID: SV-38148r1_rule Vuln ID: V-13698 Severity: CAT I Class: Unclass |
| CCE-19991-9 |
IIS sample Web Printing files should be installed or not as appropriate. |
(1) exist/not exist |
(1) files in %SystemRoot%\web\printers |
NaN |
NaN |
NaN |
NaN |
Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 |
| CCE-19763-2 |
The "AllowRestrictedChars" setting should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\AllowRestrictedChars |
NaN |
NaN |
NaN |
NaN |
Rule Title: The AllowRestrictedChars registry key must be disabled. STIG ID: WA000-WI6080 IIS6 Rule ID: SV-38160r1_rule Vuln ID: V-13714 |
| CCE-19713-7 |
The "EnableNonUTF8" setting should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\EnableNonUTF8 |
NaN |
NaN |
NaN |
NaN |
Rule Title: The EnableNonUTF8 registry key must be disabled. STIG ID: WA000-WI6082 IIS6 Rule ID: SV-38161r1_rule Vuln ID: V-13715 |
| CCE-19270-8 |
The "FavorUTF8" setting should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\FavorUTF8 |
NaN |
NaN |
NaN |
NaN |
Rule Title: The FavorUTF8 registry key must be set properly. STIG ID: WA000-WI6084 IIS6 Rule ID: SV-38162r1_rule Vuln ID: V-13716 |
| CCE-19942-2 |
The maximum possible size of request headers should be set correctly. |
(1) number of bytes |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength |
NaN |
NaN |
NaN |
NaN |
Rule Title: The MaxFieldLength registry entry must be set properly. STIG ID: WA000-WI6086 IIS6 Rule ID: SV-38163r1_rule Vuln ID: V-13717 |
| CCE-19665-9 |
The maximum possible combined size of request line and headers should be set correctly. |
(1) number of bytes |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes |
NaN |
NaN |
NaN |
NaN |
Rule Title: The MaxRequestBytes registry entry must be set properly. STIG ID: WA000-WI6088 IIS6 Rule ID: SV-38164r1_rule Vuln ID: V-13718 |
| CCE-19860-6 |
The maximum number of characters in a URL path setting should be set correctly. |
(1) number of characters |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength |
NaN |
NaN |
NaN |
NaN |
Rule Title: The UrlSegmentMaxLength registry entry must be set properly. STIG ID: WA000-WI6090 IIS6 Rule ID: SV-38165r1_rule Vuln ID: V-13719 |
| CCE-19823-4 |
The maximum number of URL path segments should be set correctly. |
(1) number of URL path segments |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxCount |
NaN |
NaN |
NaN |
NaN |
Rule Title: The UrlSegmentMaxCount registry entry must be set properly. STIG ID: WA000-WI6096 IIS6 Rule ID: SV-38168r1_rule Vuln ID: V-13722 |
| CCE-19843-2 |
The allowance of %U notation in request URLs should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\PercentUAllowed |
NaN |
NaN |
NaN |
NaN |
Rule Title: The PercentUAllowed registry entry must be set properly. STIG ID: WA000-WI6092 IIS6 Rule ID: SV-38166r1_rule Vuln ID: V-13720 |
| CCE-19799-6 |
The maximum response size that can be cached in the kernel should be set correctly. |
(1) number of bytes |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UriMaxUriBytes |
NaN |
NaN |
NaN |
NaN |
Rule Title: The UriMaxUriBytes registry entry must be set properly. STIG ID: WA000-WI6094 IIS6 Rule ID: SV-38167r1_rule Vuln ID: V-13721 |
| CCE-20067-5 |
The maximum size of the entire request body setting should be set correctly. |
(1) number of bytes |
(1) MaxRequestEntityAllowed key in IIS metabase file |
NaN |
NaN |
NaN |
Rule Title: The MaxRequestEntityAllowed metabase value must be defined. STIG ID: WA000-WI6098 IIS6 Rule ID: SV-38047r1_rule Vuln ID: V-13723 |
NaN |
| CCE-19097-5 |
The URLScan ISAPI filters should be configured correctly for the specified websites. |
(1) TARGET: website (2) exist/not exist |
(1) Internet Information Services (IIS) Manager => Web Sites => <Web Site> => right click Properties => ISAPI Filters => URLScan |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20046-9 |
The 'Replace a process-level token' setting should be configured as appropriate. |
(1) set of accounts |
(1) defined by the 'User Rights Assignment' setting in Local Policy |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19288-0 |
The "Adjust memory quotas for a process" setting should be configured appropriately. |
(1) set of accounts |
(1) defined by the 'Adjust memory quotas for a process' setting in Local Policy |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-20091-5 |
The startup type of the HTTP SSL (HTTPFilter) service should be configured correctly. |
(1) automatic/manual/disabled |
(1) defined by the Services Administrative Tool (2) defined by Group Policy |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2df6ff66-da04-4e7c-997d-8f7aa46af8c8.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19840-8 |
The identity of the IIS Application Pools service should be set correctly. |
(1) type of service |
(1) Internet Information Services (IIS) Manager => Application Pools => right click Properties => Identity Tab => non-privileged account |
NaN |
NaN |
NaN |
Rule Title: The web site must have a unique application pool. STIG ID: WA000-WI6010 IIS6 Rule ID: SV-38137r1_rule Vuln ID: V-13703 |
NaN |
| CCE-19954-7 |
The worker process isolation should be configured appropriately. |
(1) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Web Sites => right click Properties => Services => Run WWW service in IIS 5.0 |
NaN |
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=true |
NaN |
NaN |
NaN |
| CCE-19157-7 |
The IIS Application Pool "Recycle worker process (in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (in minutes) |
NaN |
NaN |
NaN |
Rule Title: The Recycle Worker processes in minutes monitor must be set properly. STIG ID: WA000-WI6020 IIS6 Rule ID: SV-38134r1_rule Vuln ID: V-13704 |
NaN |
| CCE-19414-2 |
The IIS Application Pool "Recycle worker process (in minutes)" setting should be set as appropriate for the specified application pools. |
(1) TARGET: application pool (2) number of minutes |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (in minutes) |
NaN |
NaN |
NaN |
Rule Title: The Recycle Worker processes in minutes monitor must be set properly. STIG ID: WA000-WI6020 IIS6 Rule ID: SV-38134r1_rule Vuln ID: V-13704 |
NaN |
| CCE-20054-3 |
The IIS Application Pool "Recycle worker process (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (number of requests) |
NaN |
NaN |
NaN |
Rule Title: The maximum number of requests an application pool can process must be set. STIG ID: WA000-WI6022 IIS6 Rule ID: SV-38132r1_rule Vuln ID: V-13705 |
NaN |
| CCE-19672-5 |
The IIS Application Pool "Recycle worker process (number of requests)" setting should be set as appropriate for the specified application pools. |
(1) TARGET: application pool (2) number of requests |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (number of requests) |
NaN |
NaN |
NaN |
Rule Title: The maximum number of requests an application pool can process must be set. STIG ID: WA000-WI6022 IIS6 Rule ID: SV-38132r1_rule Vuln ID: V-13705 |
NaN |
| CCE-19934-9 |
The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum virtual memory (in megabytes) |
NaN |
NaN |
NaN |
Rule Title: The maximum virtual memory monitor must be enabled. STIG ID: WA000-WI6024 IIS6 Rule ID: SV-38033r1_rule Vuln ID: V-13706 |
NaN |
| CCE-19437-3 |
The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of megabytes |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum virtual memory (in megabytes) |
NaN |
NaN |
NaN |
Rule Title: The maximum virtual memory monitor must be enabled. STIG ID: WA000-WI6024 IIS6 Rule ID: SV-38033r1_rule Vuln ID: V-13706 |
NaN |
| CCE-19633-7 |
The IIS Application Pool "Maximum used memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum used memory (in megabytes) |
NaN |
NaN |
NaN |
Rule Title: The maximum used memory monitor must be enabled. STIG ID: WA000-WI6026 IIS6 Rule ID: SV-38130r1_rule Vuln ID: V-13707 |
NaN |
| CCE-20004-8 |
The IIS Application Pool "Maximum used memory (in megabytes)" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of megabytes |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum used memory (in megabytes) |
NaN |
NaN |
NaN |
Rule Title: The maximum used memory monitor must be enabled. STIG ID: WA000-WI6026 IIS6 Rule ID: SV-38130r1_rule Vuln ID: V-13707 |
NaN |
| CCE-19442-3 |
The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Shutdown worker processes after being idle (time in minutes) |
NaN |
NaN |
NaN |
Rule Title: The Shutdown worker processes Idle Timeout monitor must be enabled. STIG ID: WA000-WI6028 IIS6 Rule ID: SV-38125r1_rule Vuln ID: V-13708 |
NaN |
| CCE-19597-4 |
The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of minutes |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Shutdown worker processes after being idle (time in minutes) |
NaN |
NaN |
NaN |
Rule Title: The Shutdown worker processes Idle Timeout monitor must be enabled. STIG ID: WA000-WI6028 IIS6 Rule ID: SV-38125r1_rule Vuln ID: V-13708 |
NaN |
| CCE-19912-5 |
The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Limit the kernel request queue (number of requests) |
NaN |
NaN |
NaN |
Rule Title: The Limit the kernel request queue monitor must be enabled. STIG ID: WA000-WI6030 IIS6 Rule ID: SV-38123r1_rule Vuln ID: V-13709 |
NaN |
| CCE-20002-2 |
The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of requests |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Limit the kernel request queue (number of requests) |
NaN |
NaN |
NaN |
Rule Title: The Limit the kernel request queue monitor must be enabled. STIG ID: WA000-WI6030 IIS6 Rule ID: SV-38123r1_rule Vuln ID: V-13709 |
NaN |
| CCE-19160-1 |
The IIS Application Pool "Enable pinging" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable pinging |
NaN |
NaN |
NaN |
Rule Title: The Enable pinging monitor must be enabled. STIG ID: WA000-WI6032 IIS6 Rule ID: SV-38043r1_rule Vuln ID: V-13710 |
NaN |
| CCE-20073-3 |
The IIS Application Pool "Ping worker process every (frequency in seconds)" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of seconds |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Ping worker process every (frequency in seconds) |
NaN |
NaN |
NaN |
Rule Title: The Enable pinging monitor must be enabled. STIG ID: WA000-WI6032 IIS6 Rule ID: SV-38043r1_rule Vuln ID: V-13710 |
NaN |
| CCE-20069-1 |
The IIS Application Pool "Enable rapid-fail protection" setting should be enabled or disabled as appropriate for the specified application pools. |
(1) TARGET: application pool (2) enabled/disabled |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection |
NaN |
NaN |
NaN |
Rule Title: The Enable rapid-fail protection monitor must be enabled. STIG ID: WA000-WI6034 IIS6 Rule ID: SV-38044r1_rule Vuln ID: V-13711 |
NaN |
| CCE-20141-8 |
The IIS Application Pool "Enable rapid-fail protection - Failures" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of failures |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection - Failures |
NaN |
NaN |
NaN |
Rule Title: The Enable rapid-fail protection monitor must be enabled. STIG ID: WA000-WI6034 IIS6 Rule ID: SV-38044r1_rule Vuln ID: V-13711 |
NaN |
| CCE-20055-0 |
The IIS Application Pool "Enable rapid-fail protection - Time Period" setting should be set correctly for the specified application pools. |
(1) TARGET: application pool (2) number of minutes |
(1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection - Time Period |
NaN |
NaN |
NaN |
Rule Title: The Enable rapid-fail time period monitor must be enabled. STIG ID: WA000-WI6036 IIS6 Rule ID: SV-38045r1_rule Vuln ID: V-13712 |
NaN |
| CCE-19927-3 |
The required auditing settings for the MetaBase.xml file should be assigned for the specified websites. |
(1) set of accounts (2) events to audit (3) applicability |
(1) defined by the object's SACL |
NaN |
http://msdn.microsoft.com/en-us/library/ff648653.aspx |
NaN |
NaN |
NaN |