IISW-SV-000120 - All IIS 8.5 web server sample code, example applications, and tutorials must be removed from a production IIS 8.5 server.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally necessary (i.e., compiled code, scripts, web content, etc.). Delete all directories containing samples and any scripts used to execute the samples.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remove any executable sample code, example applications, or tutorials which are not explicitly used by a production website.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M04_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000381, Rule-ID|SV-214410r879587_rule, STIG-ID|IISW-SV-000120, STIG-Legacy|SV-91401, STIG-Legacy|V-76705, Vuln-ID|V-214410

Plugin: Windows

Control ID: ad4aa081ec0326a982848bd6e0ef9a5b7463df3326d230a22e412a2871fdb4eb