ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    IIS and PCI Compliance

    Scheduled Pinned Locked Moved IT Discussion
    2 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JoelJ
      Joel
      last edited by

      Hi Guys
      I'm trying to pass PCI compliance and failing on one error: see below.
      Can anyone advise how i can fix this kind of thing? I am not too familiar with IIS.

      We're running Windows Server 16

      type : Microsoft IIS
      Server version : 10.0
      SOLUTION:
      Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.
      IMPACT:
      The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server.
      THREAT:
      The remote web server discloses information via HTTP headers.
      CVSS Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
      ID: 6166091
      Category: Web Servers
      CVE ID:
      VULNERABILITY DETAILS
      PCI Severity Level:
      PCI COMPLIANCE STATUS

      1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403
        last edited by

        Some details can be found here on recommended changes.

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post