Check: WA000-WI6082 IIS6
IIS6 Server:
WA000-WI6082 IIS6
(in version v6 r16)
Title
The EnableNonUTF8 registry key must be disabled. (Cat II impact)
Discussion
Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. The EnableNonUTF8 registry key expands the amount of character types the web server accepts. Hackers can use this capability to submit content in a URL that can execute in the CPU by means of a buffer overflow.
Check Content
1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters EnableNonUTF8. 3. Ensure the value for the EnableNonUTF8 key is REG_DWORD 0. If the registry key is not set to 0 or does not exist, this is a finding.
Fix Text
1. Open the registry editor. 2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters. 3. Set the value for the EnableNonUTF8 key to REG_DWORD 0 or add the key and set it to REG_DWORD 0.
Additional Identifiers
Rule ID: SV-38161r1_rule
Vulnerability ID: V-13715
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |