W300 - Web server system files do not conform to minmum file permission requirements. - '\inetpub\wwwroot\images'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Vulnerability Key: V0002259
IA Controls: ECCD-1 Changes to Data, ECCD-2 Changes to Data
Categories: 2.2 Least Privilege
Severity: Category II
Ref: WEB SERVER SECURITY TECHNICAL IMPLEMENTATION GUIDE Section 3.10, Web Site Administration Policies & Procedures, With
Amendments and Corrections incorporated in red italics
This check verifies that the key web server system configuration files are owned by the SA or Web
Manager controlled account. These same files which control the configuration of the web server,
and thus its behavior, must also be accessible by the account which runs the web service. If these
files are altered by a malicious user, the web server would no longer be under the control of its
managers and owners; properties in the web server configuration could be altered to compromise
the entire server platform.