Download
| Alert*
CCE-19534-7
Individual IP addresses should be configured as appropriate for the specified websites. CCE-19956-2 IIS Help files should be installed or not as appropriate. CCE-20026-1 The path of the HTTP Log folder should be configured correctly for the specified websites. CCE-19263-3 The master home directory "Log Visits" permission should be enabled or disabled as appropriate. CCE-19432-4 The WWW service Special Characters In Shells setting should be enabled or disabled as appropriate. CCE-19643-6 Permissions on the Web Root "scripts" directory should be set appropriately. CCE-19685-7 The master home directory "Integrated Windows Authentication" setting should be enabled or disabled. CCE-19689-9 The master home directory "Enable Logging" setting should be enabled or disabled as appropriate. CCE-19384-7 The VbBusObj.VbBusObjCls object should be enable or disabeld as appropriate. CCE-19843-2 The allowance of %U notation in request URLs should be enabled or disabled as appropriate. CCE-20083-2 Permissions on the Web Root "docs" directory should be set appropriately. CCE-19628-7 Integrated Windows Authentication should be enabled or disabled as appropriate the specified websites. CCE-19801-0 Permissions on the Web Root "home" directory should be set appropriately. CCE-19365-6 The '.idq' extension mapping should be configured as appropriate. CCE-19768-1 The '.htw' extension mapping should be configured as appropriate. CCE-20015-4 The IWAM account should be configured correctly. CCE-19259-1 The master home directory "Basic Authentication" setting should be enabled or disabled. CCE-20034-5 Permissions on the Inetpub directory should be set appropriately. CCE-19270-8 The "FavorUTF8" setting should be enabled or disabled as appropriate. CCE-19606-3 URL query logging should be enabled or disabled as appropriate for the specified websites. CCE-20091-5 The startup type of the HTTP SSL (HTTPFilter) service should be configured correctly. CCE-19406-8 The "Write" privilege should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19790-5 IIS WWW service SSL error logging should be enabled or disabled as appropriate. CCE-19737-6 The sample Data Access files should be installed or not as appropriate. CCE-19903-4 The master home directory "Anonymous Access" permission for IIS websites should be enabled or disabled as appropriate. CCE-19527-1 The '.idc' extension mapping should be configured as appropriate. CCE-20048-5 The master home directory "Write" permission should be enabled or disabled as appropriate. CCE-19160-1 The IIS Application Pool "'Enable pinging" setting should be enabled or disabled as appropriate for the specified application pools.. CCE-19932-3 The "Enable Logging" setting should be enabled or disabled for the specified web server CCE-20002-2 The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be set correctly for the specified application pools. CCE-20044-4 Relative path traversal should be enabled or disabled as appropriate for the specified websites. CCE-19618-8 Permissions on the Web Root "include" directory should be set appropriately. CCE-19684-0 Server port logging should be enabled or disabled as appropriate for the specified websites. CCE-19097-5 The URLScan ISAPI filters should be configured correctly for the specified websites. CCE-19479-5 The master home directory "Directory Browsing" permission should be enabled or disabled as appropriate. CCE-19138-7 The "Anonymous Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19437-3 The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be set correctly for the specified application pools. CCE-20067-5 The maximum size of the entire request body setting should be set correctly. CCE-19823-4 The maximum number of URL path segments should be set correctly. CCE-19433-2 Permissions on the Web Root "Images" directory should be set appropriately. CCE-19888-7 Permissions on the default Logfiles directory should be set appropriately. CCE-19414-2 The IIS Application Pool "Recycle worker process (in minutes)" setting should be set as appropriate for the specified application pools. CCE-20029-5 The file auditing for the Web Root directory should be configured appropriately. CCE-19362-3 The membership of the IUSR account should be configured correctly. CCE-19884-6 HTTP protocol logging should be enabled or disabled as appropriate for the specified websites. CCE-19592-5 The IIS Web Root directory should be named appropriately. CCE-19665-9 The maximum possible combined size of request line and headers should be set correctly. CCE-19157-7 The IIS Application Pool "Recycle worker process (in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19763-2 The "AllowRestrictedChars" setting should be enabled or disabled as appropriate. CCE-19324-3 The"Log Visits" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19751-7 The startup type of the IIS Admin (IISAdmin) service should be correct. CCE-20014-7 Permissions on inetsrv\asp.dll should be set appropriately. CCE-19691-5 Web-based password reset IIS application mappings (.htr) should be configured correctly. CCE-19940-6 Protocol status logging should be enabled or disabled as appropriate for the specified websites. CCE-20052-7 Permissions on the Web Root directory should be set appropriately. CCE-19672-5 The IIS Application Pool "Recycle worker process (number of requests)" setting should be set as appropriate for the specified application pools. CCE-19838-2 Server IP address logging should be enabled or disabled as appropriate for the specified websites. CCE-19815-0 The path of the IIS Web Root folder should be configured correctly. CCE-19797-0 Remote Account password changes should be enabled or disabled as appropriate. CCE-19713-7 The "EnableNonUTF8" setting should be enabled or disabled as appropriate. CCE-19732-7 The '.shtm' extension mapping should be configured as appropriate. CCE-20005-5 The "Script Source Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-20024-6 Date logging should be enabled or disabled as appropriate for the specified websites. CCE-19683-2 User agent logging should be enabled or disabled as appropriate for the specified websites. CCE-20043-6 The '.stm' extension mapping should be configured as appropriate. CCE-19641-0 The file auditing for the \Metaback directory should be configured appropriately. CCE-19092-6 The "Index this resource" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-20028-7 URI stem logging should be enabled or disabled as appropriate for the specified websites. CCE-19615-4 Time logging should be enabled or disabled as appropriate for the specified websites. CCE-19288-0 The "Adjust memory quotas for a process" setting should be configured appropriatly. CCE-19611-3 The IUSR account should be enabled or disabled as appropriate. CCE-19860-6 The maximum number of characters in a URL path setting should be set correctly. CCE-19133-8 The master home directory "Read" permission should be enabled or disabled as appropriate. CCE-19912-5 The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19977-8 The file auditing for the Inetpub directory should be configured appropriately. CCE-19954-7 The worker proceess isolation should be configured appropriatly. CCE-20020-4 IIS Sample files should be installed or not as appropriate. CCE-19597-4 The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be set correctly for the specified application pools. CCE-19506-5 The "Read" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19716-0 The "Execute Permissions" permission should be set correctly for the specified websites. CCE-19690-7 The execution context of the IIS CGI processes should be configured as appropriate. CCE-20017-0 The master home directory "Script Source Access" permission should be enabled or disabled as appropriate. CCE-19442-3 The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19633-7 The IIS Application Pool "Maximum used memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19792-1 Permissions on the inetsrv directory should be set appropriately. CCE-19871-3 The specified websites should be configured to use the appropriate network interfaces. CCE-20055-0 The IIS Application Pool "Enable rapid-fail protection - Time Period" setting should be set correctly for the specified application pools. CCE-19332-6 Permissions on the Web Root "executables" directory should be set appropriately. CCE-19991-9 IIS sample Web Printing files should be installed or not as appropriate. CCE-20023-8 The '.printer' extension mapping should be configured as appropriate. CCE-20069-1 The IIS Application Pool "Enable rapid-fail protection" setting should be enabled or disabled as appropriate for the specified application pools. CCE-20004-8 The IIS Application Pool "Maximum used memory (in megabytes)" setting should be set correctly for the specified application pools. CCE-20065-9 The RDSServer.DataFactory object should be enable or disabeld as appropriate. CCE-19625-3 The master home directory "Execute Permissions" permission should be enabled or disabled as appropriate. CCE-20046-9 The 'Replace a process-level token' setting should be configured as appropriate. CCE-19840-8 The identity of the IIS Application Pools service should be set correctly. CCE-19867-1 Basic Authentication should be enabled or disabled as appropriate for the specified websites. CCE-20080-8 Win32 status logging should be enabled or disabled as appropriate for the specified websites. CCE-19322-7 The master home directory "Index this resource" permission should be enabled or disabled as appropriate. CCE-19934-9 The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19799-6 The maximum response size that can be cached in the kernel should be set correctly. CCE-19753-3 User name logging should be enabled or disabled as appropriate for the specified websites. CCE-19711-1 The AdvancedDataFactory object should be enable or disabeld as appropriate. CCE-19942-2 The maximum possible size of request headers should be set correctly. CCE-19655-0 The "Directory Browsing" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-20077-4 The file auditing for the directory \%SystemRoot%\System32\Inetsrv should be configured appropriately. CCE-19678-2 Client IP Address logging should be enabled or disabled as appropriate for the specified websites. CCE-19167-6 Method logging should be enabled or disabled as appropriate for the specified websites. CCE-20073-3 The IIS Application Pool "Ping worker process every (frequency in seconds)" setting should be set correctly for the specified application pools. CCE-20141-8 The IIS Application Pool "Enable rapid-fail protection - Failures" setting should be set correctly for the specified application pools. CCE-20054-3 The IIS Application Pool "Recycle worker process (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19946-3 The '.ida' extension mapping should be configured as appropriate. CCE-19988-5 Server Side Includes command shell should be enabled or disabled as appropriate. CCE-19927-3 The required auditing settings for the MetaBase.xml file should be assigned for the specified websites. CCE-19545-3 The '.shtml' extension mapping should be configured as appropriate. |