Directory Browsing on the IIS 10.0 website must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Directory browsing allows the contents of a directory to be displayed upon request from a web client. If directory browsing is enabled for a directory in IIS, users could receive a web page listing the contents of the directory. If directory browsing is enabled the risk of inadvertently disclosing sensitive content is increased.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-218759r879652_rule
Severity: Medium
References: CCI-001310
Updated: 8 months ago

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.

Click the Site.
Double-click the "Directory Browsing" icon.

Under the "Actions" pane, click "Disabled".

Directory Browsing on the IIS 10.0 website must be disabled.

Description

Remediation - Manual Procedure