| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218756 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Site Security Technic... | Non-ASCII characters in URLs must be prohibited by... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow high-bit characters" check box. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: Site: Default Web Site ResultHash: C4AC55E057470F8E3BE8026C2E97039D7E1B552C ~~~~~ Exchange service detected. If this server only hosts Microsoft Exchange, mark this check as NA. Service: MSExchangeServiceHost Status: Running
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl
Scan Date: 2026-01-14T12:57:33.098574
Technology Area: Web Review
|
||||||||
| V-218756 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Site Security Technic... | Non-ASCII characters in URLs must be prohibited by... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow high-bit characters" check box. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: Site: Exchange Back End ResultHash: C4AC55E057470F8E3BE8026C2E97039D7E1B552C ~~~~~ Exchange service detected. If this server only hosts Microsoft Exchange, mark this check as NA. Service: MSExchangeServiceHost Status: Running
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl
Scan Date: 2026-01-14T12:57:33.300070
Technology Area: Web Review
|
||||||||
| V-218756 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Site Security Technic... | Non-ASCII characters in URLs must be prohibited by... | - | |||
Check TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow high-bit characters" check box. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 10/23/2025 Site: Default Web Site ResultHash: 545E96FB53E421DBB94A039FB5D6FBC26514D6A0 ~~~~~ AllowHighBitCharacters is Enabled
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl
Scan Date: 2026-01-14T12:57:35.375369
Technology Area: Web Review
|
||||||||