SHPT-00-000682 - The Online Web Part Gallery must be configured for limited access.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Web Part galleries are groupings of Web Parts. There are four Web Part galleries- Closed Web Parts, Site Name Gallery, Server Gallery, and Online Gallery. The Online Gallery is a collection of Microsoft MSNBC Web Parts located on the Internet. Allowing users to access the Online Web Part Gallery causes a significant performance hit on the server, due to the server attempting to connect to the MSNBC online gallery. This could result in a Denial-of-Service. The Online Gallery could contain Web Parts from unknown third parties, which could increase the risk of a malicious code execution attack. Preventing users from accessing the Online Web Part Gallery decreases the system's attack surface.

Solution

Enable the 'Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance' option for each web application.
1. In Central Administration, click Security.
2. On the Security page, in the General Security list, click Manage web part security.
3 On the Security for Web Part Pages page, for each web application in the web application section, perform the following-
- Select a web application in the Web Application list.
- In the Online Web Part Gallery section, select the 'Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance'.
4. Click OK.

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2015/U_Sharepoint_2010_V1R7_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-001167, Rule-ID|SV-37994r2_rule, STIG-ID|SHPT-00-000682, Vuln-ID|V-29338

Plugin: Windows

Control ID: d2de6000a263c0e30eb0ccc01ae1bc8b1ae6452cca55c8c94c9fba0f67e4d0fb