WA000-WI110 IIS6 - The command shell options must be disabled.

Information

The command shell can be used to call arbitrary commands at the web server from within an HTML page.

Solution

Set the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters to the following value: SSIEnableCmdDirective REG_DWORD 0

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|I, Rule-ID|SV-38159r1_rule, STIG-ID|WA000-WI110_IIS6, Vuln-ID|V-13701

Plugin: Windows

Control ID: 1066be6e2bd3d8d4a546542f7f922eccf971579956bd32a4cdace8537d35259e