IIS and PCI Compliance



  • Hi Guys
    I'm trying to pass PCI compliance and failing on one error: see below.
    Can anyone advise how I can fix this kind of thing? I am not too familiar with IIS.

    We're running Windows Server 16

    type : Microsoft IIS
    Server version : 10.0
    SOLUTION:
    Modify the HTTP headers of the web server to not disclose detailed information about the underlying web server.
    IMPACT:
    The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and languages used by the web server.
    THREAT:
    The remote web server discloses information via HTTP headers.
    CVSS Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
    ID: 6166091
    Category: Web Servers
    CVE ID:
    VULNERABILITY DETAILS
    PCI Severity Level:
    PCI COMPLIANCE STATUS



  • Some details can be found here on recommended changes.
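For the finding quoted in the first post, the following site-level `web.config` is an added example, not taken from the thread or from the page linked in the reply. It assumes the scanner is reacting to the `Server`, `X-Powered-By` and `X-AspNet-Version` response headers (the report does not name them) and that the site runs on IIS 10.0 as stated.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- ASP.NET only: stop emitting the X-AspNet-Version header.
         If the application already has an httpRuntime element,
         add the attribute to it instead of declaring a second one. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <security>
      <!-- Available from IIS 10.0: suppresses the
           "Server: Microsoft-IIS/10.0" response header. -->
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <!-- X-Powered-By is normally inherited from server-level
             configuration; remove it for this site. -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

After applying it, request a page and an error page and inspect the response headers before rescanning. Error responses generated by HTTP.sys rather than by IIS itself are not covered by `removeServerHeader` and can still carry a `Server: Microsoft-HTTPAPI/2.0` header.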

