WA000-WI110 IIS6 - The command shell options must be disabled.

Gavin M. Dennis

22 April 2022 21:04

Details

The command shell can be used to call arbitrary commands at the web server from within an HTML page.

Solution

Set the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters to the following value: SSIEnableCmdDirective REG_DWORD 0

Supportive Information

The following resource is also helpful.

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

800-53|AC-6.
CAT|I
Rule-ID|SV-38159r1_rule
STIG-ID|WA000-WI110_IIS6
Vuln-ID|V-13701

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section