SV-214454r508659_rule
V-214454
SRG-APP-000141-WSR-000081
IISW-SI-000214
CAT II
10
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Open the IIS 8.5 Manager.
Click on the IIS 8.5 site.
Under IIS, double-click the “MIME Types” icon.
From the "Group by:" drop-down list, select "Content Type".
From the list of extensions under "Application", remove MIME types for OS shell program extensions, to include, at a minimum, the following extensions:
.exe
.dll
.com
.bat
.csh
Select "Apply" from the "Actions" pane.
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Open the IIS 8.5 Manager.
Click on the IIS 8.5 site.
Under IIS, double-click the “MIME Types” icon.
From the "Group by:" drop-down list, select "Content Type".
From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include, at a minimum, the following extensions:
.exe
.dll
.com
.bat
.csh
If any OS shell MIME types are configured, this is a finding.
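The same check can be scripted across every site instead of clicking through IIS Manager. This is an added example, not part of the STIG text; it assumes the WebAdministration module is available and the session is elevated, and the function names Find-ShellMimeType and Test-SiteShellMimeTypes are hypothetical.

```powershell
# Added example: reports any MIME map entry for the extensions named in the check.
Import-Module WebAdministration

# Minimum set of OS shell program extensions listed in the check text.
$ShellExtensions = '.exe', '.dll', '.com', '.bat', '.csh'

function Find-ShellMimeType {
    # Returns the mimeMap entries whose fileExtension is in $Blocked.
    # -contains is case-insensitive, so '.EXE' matches '.exe'.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $MimeMap,
        [string[]] $Blocked = $ShellExtensions
    )
    $MimeMap | Where-Object { $Blocked -contains $_.fileExtension }
}

function Test-SiteShellMimeTypes {
    # Walks every site and emits one object per offending MIME type.
    foreach ($site in Get-Website) {
        $path = "IIS:\Sites\$($site.Name)"
        # MIME map as seen at the site path (the same list IIS Manager shows for the site).
        $maps = @(Get-WebConfiguration -PSPath $path -Filter 'system.webServer/staticContent/mimeMap')
        foreach ($hit in Find-ShellMimeType -MimeMap $maps) {
            [pscustomobject]@{
                Site      = $site.Name
                Extension = $hit.fileExtension
                MimeType  = $hit.mimeType
            }
        }
    }
}

$findings = @(Test-SiteShellMimeTypes)
if ($findings.Count -eq 0) {
    'No OS shell MIME types configured on any site.'
} else {
    # Any row here is a finding under this check.
    $findings | Format-Table -AutoSize
}
```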
V-214454
False
IISW-SI-000214
M
4001