STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Server for Windows Security Technical Implementation Guide

V-2264

CAT II (Medium)

Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator.

Rule ID

SV-33095r1_rule

STIG

APACHE 2.2 Server for Windows Security Technical Implementation Guide

Version

V1R13

CCIs

None

Discussion

Windows Scripting Host (WSH) is installed under either a Typical or Custom installation option of a Microsoft Network Server. This technology permits the execution of powerful script files from the Windows NT command line. This technology is also classified as a Category I Mobile Code. If the access to these files is not tightly controlled, a malicious user could readily compromise the server by using a form to send input to these scripting engines.

Check Content

Search for instances of Wscript.exe and Cscript.exe.

Move to these files, if found, and right-click on them to view their Properties.

Permissions should only exist for System, the SA, and the web administrator, who may have Full Control. User accounts with access to these files that are unknown, or unintended, should be removed.

If these files have permission for other than the SA, the web administrator, or the system, this is a finding.

Fix Text

Remove Wscript.exe and Cscript.exe files from the server, or restrict access to these files to the SA, the web administrator, and the system account.