WG385 IIS6 - All web server documentation, sample code, example applications, and tutorials must be removed. - 'Inetpub\AdminScripts'

Information

Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally necessary (e.g., compiled code, scripts, web-content, etc.). Delete all directories containing samples and any scripts used to execute the samples.

Solution

Remove sample code and documentation from the web server.

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|I, Rule-ID|SV-38330r1_rule, STIG-ID|WG385_IIS6, Vuln-ID|V-13621

Plugin: Windows

Control ID: 7bd5ac438c9244a432f579562aa71f48d0d30b96b6c01e46772671406e3d271e