Details
Http.sys is the kernel-mode driver that receives and parses HTTP requests on behalf of IIS 6. Several registry values under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters control how it parses requests. If the AllowRestrictedChars value is nonzero, Http.sys accepts hex-escaped (percent-encoded) characters in request URLs that decode to the ranges U+0000 to U+001F and U+007F to U+009F (the C0 and C1 control characters, including NUL and DEL); with the value at 0, a request whose URL decodes to one of these characters is rejected before it reaches the web application. Enabling this capability therefore lets an attacker hex-encode control characters in a request URL in an attempt to bypass input validation routines in the application behind Http.sys.
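As an added example (not part of the STIG text), the following PowerShell function applies the same rule to a request path offline: it decodes each run of %XX escapes as UTF-8 and reports any that fall into the U+0000 to U+001F or U+007F to U+009F ranges, which is useful for checking URLs pulled from IIS logs. The function name and the sample paths are assumptions of this example; it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example, not from the STIG. Function name and sample inputs are made up.
function Test-RestrictedUrlEscapes {
    param([Parameter(Mandatory=$true)][string]$Path)

    $findings = @()
    # Each run of consecutive %XX escapes is decoded as one unit so that a
    # multi-byte UTF-8 sequence such as %C2%85 is seen as U+0085 rather than
    # as two unrelated octets.
    foreach ($m in [regex]::Matches($Path, '(?:%[0-9A-Fa-f]{2})+')) {
        $hex   = $m.Value -split '%' | Where-Object { $_ -ne '' }
        $bytes = [byte[]]($hex | ForEach-Object { [Convert]::ToByte($_, 16) })
        $text  = [System.Text.Encoding]::UTF8.GetString($bytes)
        foreach ($ch in $text.ToCharArray()) {
            $cp = [int]$ch
            # C0 controls (U+0000-U+001F), DEL (U+007F) and C1 controls (U+0080-U+009F).
            if ($cp -le 0x1F -or ($cp -ge 0x7F -and $cp -le 0x9F)) {
                $findings += New-Object PSObject -Property @{
                    Offset    = $m.Index
                    Escape    = $m.Value
                    CodePoint = ('U+{0:X4}' -f $cp)
                }
            }
        }
    }
    # Empty output means the path contains no escapes that Http.sys would
    # refuse with AllowRestrictedChars = 0.
    return $findings
}

# Constructed sample paths: a NUL byte inside a file name, a C1 control
# encoded as UTF-8, and a harmless encoded space.
foreach ($p in '/app/download.asp?file=report.txt%00.jpg',
               '/app/search.asp?q=abc%C2%85',
               '/app/hello%20world.htm') {
    $hits = @(Test-RestrictedUrlEscapes -Path $p)
    '{0}  ->  {1} restricted escape(s) {2}' -f $p, $hits.Count,
        (($hits | ForEach-Object { $_.CodePoint }) -join ' ')
}
```

The first two sample paths each produce one finding (U+0000 and U+0085); the third produces none. The function only implements the control-character rule described above: a malformed UTF-8 run decodes to U+FFFD and is not reported, so it is a log-triage aid, not a full model of Http.sys parsing.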
Solution
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Set the AllowRestrictedChars value (type REG_DWORD) to 0, creating the value if it does not exist.
4. Restart the HTTP service (or reboot) so that Http.sys reads the new setting; changing the registry alone does not affect the running driver.
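The same procedure as a PowerShell audit-and-remediate function, added here as an example rather than taken from the STIG. It reads the value and its registry type (a REG_SZ "0" or a missing value is still a finding), writes REG_DWORD 0 only when asked to, and can restart the HTTP service so the change takes effect. The function name and its switches are assumptions of this example; it must be run from an elevated Windows PowerShell 2.0 or later session.

```powershell
# Added example, not from the STIG: audit and optionally remediate the
# AllowRestrictedChars value. Function name and switches are my own.
function Test-AllowRestrictedChars {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [switch]$Remediate,     # write REG_DWORD 0 if the value is missing or wrong
        [switch]$RestartHttp    # then restart the HTTP service so Http.sys reloads it
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $name = 'AllowRestrictedChars'

    if (-not (Test-Path $key)) {
        throw "Http.sys parameters key not found: $key"
    }

    # Read both the data and the registry type of the value.
    $reg   = Get-Item -Path $key
    $kind  = $null
    $value = $null
    if ($reg.GetValueNames() -contains $name) {
        $kind  = $reg.GetValueKind($name)
        $value = $reg.GetValue($name)
    }
    $compliant = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($value -eq 0)

    if (-not $compliant -and $Remediate) {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set REG_DWORD 0')) {
            # -Force overwrites an existing value of the wrong type or content.
            New-ItemProperty -Path $key -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
            $kind      = [Microsoft.Win32.RegistryValueKind]::DWord
            $value     = 0
            $compliant = $true
            if ($RestartHttp) {
                # w3svc and other web services depend on HTTP, so -Force stops
                # and restarts them too: expect a brief outage.
                Restart-Service -Name HTTP -Force
            }
        }
    }

    New-Object PSObject -Property @{
        Name      = $name
        Kind      = $kind
        Value     = $value
        Compliant = $compliant
    }
}

# Audit only:
Test-AllowRestrictedChars
# Fix and reload, previewing first with -WhatIf:
# Test-AllowRestrictedChars -Remediate -RestartHttp -WhatIf
```

Run the audit form across a server estate first; only the remediate form changes the registry, and restarting HTTP drops in-flight requests, so schedule it with the other IIS maintenance.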
Supportive Information
This hardening control falls under the NIST SP 800-53 control family System and Information Integrity (SI-10, Information Input Validation) and applies to Windows systems.
References
- 800-53|SI-10
- CAT|II
- Rule-ID|SV-38160r1_rule
- STIG-ID|WA000-WI6080_IIS6
- Vuln-ID|V-13714