UCF STIG Viewer Logo

Web Administrators must secure encrypted connections for Document Root directory uploads.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13686 WG235 IIS6 SV-40028r1_rule EBRP-1 EBRU-1 High
Description
Logging in to a web server via a telnet session or using HTTP or FTP in order to upload documents to the web site is a risk if proper encryption is not utilized to protect the data being transmitted. A secure shell service or HTTPS needs to be installed and in use for these purposes.
STIG Date
IIS6 Site 2014-12-10

Details

Check Text ( C-37417r1_chk )
Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection.

NOTE: See results from WG230 for data that will assist in the validation of this vulnerability. If the remote users are uploading files without utilizing approved encryption methods, this is finding.
Fix Text (F-32653r1_fix)
Use only secure encrypted logons and connections for uploading files to the web site.