Rapid7 Vulnerability & Exploit Database

Microsoft IIS Web Request Logging Disabled

Back to Search

Microsoft IIS Web Request Logging Disabled

Severity
1
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:N)
Published
11/01/2004
Created
07/25/2018
Added
11/01/2004
Modified
12/04/2013

Description

Web logging has been disabled on this IIS server. By default, Microsoft IIS keeps a log of every request that is served by the web server, including the time and date of the request, the IP address of the requestor, and the result (error or success code) of the request.

It is important to keep and to review your web logs to look for patterns of activity that indicate your web server is under attack. Evidence of active probing or attacking can be useful in identifying potential security problems or actual security breaches.

Since logging is enabled by default, the fact that logging has been explicitly disabled on this server is a cause for concern. While logging may have been disabled for a valid reason (e.g. to save disk space), it may also indicate that an attacker was trying to hide his tracks.

Solution(s)

  • iis-web-logging-disabled

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;