| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218824 | CAT II | MONT-MB-002 | Microsoft IIS 10.0 Server Security Techn... | Unspecified file extensions on a production IIS 10... | - | |||
Check TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "ISAPI and CGI restrictions" icon. Click “Edit Feature Settings". Verify the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes are NOT checked. If either or both of the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes are checked, this is a finding. Fix TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "ISAPI and CGI restrictions" icon. Click "Edit Feature Settings". Remove the check from the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes. Click "OK". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 6CC480805F1D38F03EA4026B3D32A856071B7CC3 ~~~~~ Unspecified ISAPI is not enabled. NOT A FINDING. Unspecified CGI is not enabled. NOT A FINDING.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_IIS10Server_V3R4_20251023-152431.ckl
Scan Date: 2026-01-14T12:57:32.874734
Technology Area: Web Review
|
||||||||
| V-218824 | CAT II | MONT-DP-001 | Microsoft IIS 10.0 Server Security Techn... | Unspecified file extensions on a production IIS 10... | - | |||
Check TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "ISAPI and CGI restrictions" icon. Click “Edit Feature Settings". Verify the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes are NOT checked. If either or both of the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes are checked, this is a finding. Fix TextOpen the IIS 10.0 Manager. Click the IIS 10.0 web server name. Double-click the "ISAPI and CGI restrictions" icon. Click "Edit Feature Settings". Remove the check from the "Allow unspecified CGI modules" and the "Allow unspecified ISAPI modules" check boxes. Click "OK". Finding DetailsEvaluate-STIG 1.2507.5 (Scan-IIS10_0_Server_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 6CC480805F1D38F03EA4026B3D32A856071B7CC3 ~~~~~ Unspecified ISAPI is not enabled. NOT A FINDING. Unspecified CGI is not enabled. NOT A FINDING.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_IIS10Server_V3R4_20251023-143809.ckl
Scan Date: 2026-01-14T12:57:35.201603
Technology Area: Web Review
|
||||||||