VID 27066
Severity 40
Port 135
Protocol TCP
Class WMI
Detailed Description Unnecessary file uploads and downloads should be limited, because massive file uploading and downloading can cause a denial of service.

* Platforms Affected:
Microsoft IIS Server
Recommendation [Windows Server 2003]
1. Start> Run> SERVICES.MSC> IISADMIN> Properties> General> Stop Service
2. Open the %systemroot%\system32\inetsrv\MetaBase.xml file with an editor
3. Find the "AspMaxRequestEntityAllowed" value and limit the file upload size to a minimum
4. Find the "AspBufferingLimit" value and limit the file upload size to a minimum
5. Start> Run> SERVICES.MSC> IISADMIN> Properties> General> Start Service
※ Default value
(1) maxAllowedContentLength (contents size) => Default: 30MB
(2) MaxRequestEntityAllowed (file upload size) => Default: 200000 bytes
(3) bufferingLimit (file download size) => Default: 4MB (4194304 bytes)

[Windows Server 2008, 2012, 2016, 2019]
1. Add the items below to web.config in the root directory
(If there is no web.config, create a new file in the home directory)
-------------------------------------------------------------------------------------------
web.config
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="Contents Size" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
-------------------------------------------------------------------------------------------
2. Add the items below to the file %systemroot%\system32\inetsrv\config\applicationHost.config
-------------------------------------------------------------------------------------------
<system.webServer>
  <asp>
    <limits bufferingLimit="file download size" maxRequestEntityAllowed="file upload size"/>
  </asp>
</system.webServer>
-------------------------------------------------------------------------------------------
※ Default value
(1) maxAllowedContentLength (contents size) => Default: 30MB
(2) MaxRequestEntityAllowed (file upload size) => Default: 200000 bytes
(3) bufferingLimit (file download size) => Default: 4MB (4194304 bytes)
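
The check below is an added example, not part of the original advisory or of IIS: it reads the two configuration fragments described above, falls back to the defaults listed on this page, and reports limits that are non-numeric or above a site policy. The sample configs, the ceiling values and the function names are constructed for illustration; <location> scoping in applicationHost.config is ignored.

```python
import xml.etree.ElementTree as ET

# attribute -> (path under <system.webServer>, default in bytes as listed on this page;
# the "30MB" default is stored by IIS as 30000000 bytes)
SETTINGS = {
    "maxAllowedContentLength": ("security/requestFiltering/requestLimits", 30000000),
    "maxRequestEntityAllowed": ("asp/limits", 200000),
    "bufferingLimit": ("asp/limits", 4194304),
}

def effective_limits(*config_texts):
    """Merge configs in order (applicationHost.config first, web.config last).
    Simplification: <location> scoping and inheritance locks are ignored."""
    limits = {name: (default, "default") for name, (_, default) in SETTINGS.items()}
    problems = []
    for text in config_texts:
        for section in ET.fromstring(text).iter("system.webServer"):
            for name, (path, _) in SETTINGS.items():
                node = section.find(path)
                if node is None or name not in node.attrib:
                    continue
                raw = node.attrib[name]
                if raw.isdecimal():
                    limits[name] = (int(raw), "explicit")
                else:  # e.g. the placeholder text was pasted without a number
                    problems.append(f"{name}: non-numeric value {raw!r}")
    return limits, problems

def audit(limits, ceilings):
    """Return a finding for every limit above its policy ceiling (bytes)."""
    return [
        f"{name}={value} ({source}) exceeds ceiling {ceilings[name]}"
        for name, (value, source) in limits.items()
        if name in ceilings and value > ceilings[name]
    ]

# Constructed sample inputs, not taken from a real server.
APPHOST = """<configuration><system.webServer><asp>
  <limits bufferingLimit="1048576" maxRequestEntityAllowed="file upload size"/>
</asp></system.webServer></configuration>"""
WEBCONFIG = """<configuration><system.webServer><security><requestFiltering>
  <requestLimits maxAllowedContentLength="10485760" />
</requestFiltering></security></system.webServer></configuration>"""
# Hypothetical site policy: 4 MiB request body, 100 KiB ASP upload, 1 MiB buffer.
CEILINGS = {"maxAllowedContentLength": 4194304,
            "maxRequestEntityAllowed": 102400, "bufferingLimit": 1048576}

if __name__ == "__main__":
    limits, problems = effective_limits(APPHOST, WEBCONFIG)
    for line in problems + audit(limits, CEILINGS):
        print(line)
```

With the sample input, the unreplaced placeholder is reported and the upload limit is audited at its default of 200000 bytes, which still exceeds the hypothetical ceiling.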