WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Write permission check'

Information

Web site permissions to include Read, Write, and Script Source Access can be set within the IIS Administration tool. Configuration settings made at the Web Server level are inherited by all of the web sites on the server. It can override inheritance by configuring the individual site or site element. These permissions control what users can access from the web site. If Read is selected, then source of the pages can be read, if Write is selected, then pages can be written to or updated. If the Script Source Access is checked, source code for scripts can be viewed. This option is not available if neither Read nor Write is selected. Allowing users' access to the source of the web pages, may provide the user with more information than they are authorized to see. This is especially an issue for the source code for scripts on the web server.

Solution

1. Open the IIS Manager > Right click on the website (including directories, sub-directories, virtual directories, and files) being reviewed > Select Properties > Select the Home Directory (Directory, Virtual Directory, or File) tab.
2. Uncheck the Write and/or the Script source access permissions.

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|I, Rule-ID|SV-38020r1_rule, STIG-ID|WA000-WI092_IIS6, Vuln-ID|V-13699

Plugin: Windows

Control ID: 8c2bb8d00f8db8f5bb47063a4f63e8909f2f2e5629201ea610e9154ba287074c