Check: WA000-WI6086 IIS6
IIS6 Server:
WA000-WI6086 IIS6
(in version v6 r16)
Title
The MaxFieldLength registry entry must be set properly. (Cat II impact)
Discussion
By default, the MaxFieldLength registry entry is not present. This registry entry specifies the maximum size of any individual HTTP client request. Typically, this registry entry is configured together with the MaxRequestBytes registry entry. Setting this value too high, when the application does not require it to operate, may cause performance problems as well as Denial of Service issues for the web server.
Check Content
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Ensure the value for the MaxFieldLength key is REG_DWORD 16384 (or less).
If the registry value is not set to 16384 (or less) or is missing, this is a finding.
NOTE: This vulnerability can be documented locally by the ISSM/ISSO if the site has operational reasons for an increased value. If the ISSM/ISSO has approved this change in writing, this should be marked as not a finding.
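The check above can also be run as a PowerShell audit. This is an added example, not part of the STIG text; the function name Test-MaxFieldLength and the fields of the result object are assumptions made for illustration.

```powershell
# Added example: audits the MaxFieldLength check described above.
# Function name and result fields are illustrative, not from the STIG.
function Test-MaxFieldLength {
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters',
        [long]$MaxAllowed = 16384
    )
    $name = 'MaxFieldLength'
    $result = New-Object PSObject -Property @{
        Name = $name; Present = $false; Kind = $null; Value = $null
        Finding = $true; Reason = ''
    }
    if (-not (Test-Path -Path $Path)) {
        $result.Reason = "Registry key not found: $Path"
        return $result
    }
    $key = Get-Item -Path $Path
    # The entry is absent by default; the check treats a missing value as a finding.
    if ($key.GetValueNames() -notcontains $name) {
        $result.Reason = 'Value is missing'
        return $result
    }
    $result.Present = $true
    $result.Kind = $key.GetValueKind($name)
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # A string or binary value with the right digits still fails the check.
        $result.Value = $key.GetValue($name)
        $result.Reason = "Type is $($result.Kind), expected REG_DWORD"
        return $result
    }
    # .NET returns a DWORD as a signed Int32, so a very large value reads as
    # negative; reinterpret the bytes as unsigned before comparing.
    $raw = [int]$key.GetValue($name)
    $result.Value = [BitConverter]::ToUInt32([BitConverter]::GetBytes($raw), 0)
    if ($result.Value -le $MaxAllowed) {
        $result.Finding = $false
        $result.Reason = "Value is $($result.Value), within the limit of $MaxAllowed"
    }
    else {
        # A higher value is only acceptable with written ISSM/ISSO approval,
        # which has to be confirmed outside this script.
        $result.Reason = "Value is $($result.Value), above the limit of $MaxAllowed"
    }
    return $result
}

Test-MaxFieldLength | Format-List Name, Present, Kind, Value, Finding, Reason
```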
Fix Text
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Set the value for the MaxFieldLength key to REG_DWORD 16384 (or less) or add the key and set it to REG_DWORD 16384.
Additional Identifiers
Rule ID: SV-38163r2_rule
Vulnerability ID: V-13717
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |