Vulnerability around IIS setting: HTTP Response Headers
Article ID: 277122
Updated On:
Products
IT Management Suite
Client Management Suite
Issue/Introduction
We were given some vulnerability reports on our package servers. One of the finding has to do with IIS response headers. This is what was configured when the scan was executed:
Cause
Testing revealed with Windows Server 2019 that ASP.NET is added by default when IIS is installed.
Resolution
Go to IIS Management, click on the Server Name, and then select the HTTP Response Headers.
Select the ASP.NET line, and click Remove:
This resolved the vulnerability.
Feedback
Yes
No
Powered by
