STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled.

DISA Rule

SV-214414r508658_rule

Vulnerability Number

V-214414

Group Title

SRG-APP-000141-WSR-000085

Rule Version

IISW-SV-000125

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Access Server Manager on the IIS 8.5 web server.

Click the IIS 8.5 web server name.

Click on "Manage".

Select "Add Roles and Features".

Click "Next" on the "Before you begin" dialog box.

Select "Role-based or feature-based installation" on the "Installation Type" dialog box and click on "Next".

Select the IIS 8.5 web server on the "Server Selection" dialog box.

From the "Windows Features" dialog box, navigate to "World Wide Web Services" >> "Common HTTP Features".

De-select "WebDAV Publishing" and click "Next" to complete removing the WebDAV Publishing feature from the IIS 8.5 web server.

Check Contents

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Review the features listed under the “IIS" section.

If the "WebDAV Authoring Rules" icon exists, this is a finding.

Vulnerability Number

V-214414

Documentable

False

Rule Version

IISW-SV-000125

Severity Override Guidance

Open the IIS 8.5 Manager.

Click the IIS 8.5 web server name.

Review the features listed under the “IIS" section.

If the "WebDAV Authoring Rules" icon exists, this is a finding.

Check Content Reference

Target Key

4000

The IIS 8.5 web server must have Web Distributed Authoring and Versioning (WebDAV) disabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments