CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 3 of 3 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-218757	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	Double encoded URL requests must be prohibited by ...		-
Check Text Note: If the server being reviewed is hosting SharePoint, this is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow double escaping" check box is checked, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow double escaping" check box. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Default Web Site ResultHash: ABDEB31F62077F38682F3B6A94057B49A3CFDE3A ~~~~~ AllowDoubleEscaping is Disabled Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Default_Web_Site_V2R12_20251023-152518.ckl Scan Date: 2026-01-14T12:57:33.098574 Technology Area: Web Review
V-218757	CAT II	MONT-MB-002	Microsoft IIS 10.0 Site Security Technic...	Double encoded URL requests must be prohibited by ...		-
Check Text Note: If the server being reviewed is hosting SharePoint, this is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow double escaping" check box is checked, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow double escaping" check box. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Exchange Back End ResultHash: ABDEB31F62077F38682F3B6A94057B49A3CFDE3A ~~~~~ AllowDoubleEscaping is Disabled Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Site_Exchange_Back_End_V2R12_20251023-152602.ckl Scan Date: 2026-01-14T12:57:33.300070 Technology Area: Web Review
V-218757	CAT II	MONT-DP-001	Microsoft IIS 10.0 Site Security Technic...	Double encoded URL requests must be prohibited by ...		-
Check Text Note: If the server being reviewed is hosting SharePoint, this is Not Applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow double escaping" check box is checked, this is a finding. Fix Text Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow double escaping" check box. Finding Details Evaluate-STIG 1.2507.5 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 10/23/2025 Site: Default Web Site ResultHash: ABDEB31F62077F38682F3B6A94057B49A3CFDE3A ~~~~~ AllowDoubleEscaping is Disabled Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Site_Default_Web_Site_V2R12_20251023-143912.ckl Scan Date: 2026-01-14T12:57:35.375369 Technology Area: Web Review

CUI