IISW-SV-000138 - Directory Browsing on the IIS 8.5 web server must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.

Solution

If the Directory Browsing IIS Feature is disabled, this is Not Applicable.

Open the IIS 8.5 Manager.
Click the IIS 8.5 web server name.
Double-click the 'Directory Browsing' icon.
Under the 'Actions' pane click 'Disabled'.
Under the 'Actions' pane, click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M04_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001310, Rule-ID|SV-214423r879652_rule, STIG-ID|IISW-SV-000138, STIG-Legacy|SV-91429, STIG-Legacy|V-76733, Vuln-ID|V-214423

Plugin: Windows

Control ID: 1d12fc93c34f600ab645637894700cd0ab62637424a50547703f6b7bfd2c1069