Non-ASCII characters in URLs must be prohibited by any IIS 10.0 website.
An XCCDF Rule
Description
<VulnDiscussion>Setting limits on web requests ensures availability of web services and mitigates the risk of buffer overflow type attacks. The allow high-bit characters Request Filter enables rejection of requests containing non-ASCII characters.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-218756r961152_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Follow the procedures below for each site hosted on the IIS 10.0 web server:
Open the IIS 10.0 Manager.
Click the site name under review.