| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218798 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must have Multipurpose Int... | - | |||
Check TextNote: If the server is hosting WSUS, this is not applicable. Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under IIS, double-click the "MIME Types" icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include at a minimum, the following extensions: .exe .dll .com .bat .csh If any OS shell MIME types are configured, this is a finding. Fix TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under IIS, double-click the "MIME Types" icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", remove MIME types for OS shell program extensions, to include at a minimum, the following extensions: .exe .dll .com .bat .csh Under the "Actions" pane, click "Apply". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: 47C2C311101A88836E6EF2E986BC87A38AC57B63 ~~~~~ The following invalid MIME types for OS shell program extensions are configured: .exe .dll .csh
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
|
||||||||
| V-218798 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | The IIS 10.0 web server must have Multipurpose Int... | - | |||
Check TextNote: If the server is hosting WSUS, this is not applicable. Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under IIS, double-click the "MIME Types" icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include at a minimum, the following extensions: .exe .dll .com .bat .csh If any OS shell MIME types are configured, this is a finding. Fix TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under IIS, double-click the "MIME Types" icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", remove MIME types for OS shell program extensions, to include at a minimum, the following extensions: .exe .dll .com .bat .csh Under the "Actions" pane, click "Apply". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be OPEN on 10/23/2025 ResultHash: 47C2C311101A88836E6EF2E986BC87A38AC57B63 ~~~~~ The following invalid MIME types for OS shell program extensions are configured: .exe .dll .csh
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review
|
||||||||