WA000-WI110 IIS6 - The command shell options must be disabled.

Details

The command shell can be used to call arbitrary commands at the web server from within an HTML page.


Solution

Set the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters to the following value: SSIEnableCmdDirective REG_DWORD 0


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.


References


Source