V-218780
CAT IIInteractive scripts on the IIS 10.0 web server must have restrictive access controls.
- Ships Affected
- 2
- Total Findings
- 4
- Open
- 0
- Closed
- 0
Check Text
Determine whether scripts are used on the web server for the subject website. Common file extensions include, but are not limited to: .cgi, .pl, .vb, .class, .c, .php, and .asp.
If the website does not utilize CGI, this finding is Not Applicable.
All interactive programs must have restrictive permissions.
Open the IIS 10.0 Manager.
Right-click the IIS 10.0 web site name and select "Explore".
Search for the listed script extensions.
Review the permissions to the CGI scripts and verify only the permissions listed, or more restrictive permissions are assigned.
Administrators: FULL
Web Administrators: FULL
TrustedInstaller: FULL
ALL APPLICATION PACKAGES: Read
ALL RESTRICTED APPLICATION PACKAGES: Read
SYSTEM: FULL
ApplicationPoolId: READ
Custom Service Account: READ
Users: READ
If the permissions are less restrictive than listed above, this is a finding.
Fix Text
Determine whether scripts are used on the web server for the subject website. Common file extensions include, but are not limited to: .cgi, .pl, .vb, .class, .c, .php, and .asp.
If the website does not utilize CGI, this finding is NA.
All interactive programs must have restrictive permissions.
Open the IIS 10.0 Manager.
Right-click the IIS 10.0 web server name and select "Explore".
Search for the listed script extensions.
Set the permissions to the CGI scripts as follows:
Administrators: FULL
Web Administrators: FULL
TrustedInstaller: FULL
ALL APPLICATION PACKAGES: Read
ALL RESTRICTED APPLICATION PACKAGES: Read
SYSTEM: FULL
ApplicationPoolId: READ
Custom Service Account: READ
Users: READ
STIG Reference
- STIG
- Microsoft IIS 10.0 Site Security Technical Implementation Guide
- Version
- 2
- Release
- 15
- Rule ID
- SV-218780r960963_rule
All Occurrences
This vulnerability appears on 2 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| LAB BASELINES | BASELINE | SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb | Unassigned | 2026-03-12T15:38:14.459023 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl | Unassigned | 2026-01-14T12:57:35.375369 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl | Unassigned | 2026-01-14T12:57:33.300070 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl | Unassigned | 2026-01-14T12:57:33.098574 | View in Context |