| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218743 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | The IIS 10.0 website must have Multipurpose Intern... | - | |||
Check TextNote: If the server is hosting WSUS, this is not applicable. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click on the IIS 10.0 site. Under IIS, double-click the “MIME Types” icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", verify MIME types for OS shell program extensions have been removed, to include at a minimum, the following extensions: .exe .dll .com .bat .csh If any OS shell MIME types are configured, this is a finding. Fix TextFollow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click on the IIS 10.0 site. Under IIS, double-click the “MIME Types” icon. From the "Group by:" drop-down list, select "Content Type". From the list of extensions under "Application", remove MIME types for OS shell program extensions, to include at a minimum, the following extensions: .exe .dll .com .bat .csh Select "Apply" from the "Actions" pane. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) found this to be OPEN on 03/05/2026 Site: Default Web Site ResultHash: 655AA1250F9F447877A75E551AC19473E3E576A5 ~~~~~ WSUS Hosted: False The following invalid MIME types for OS shell program extensions are configured: .exe .dll .csh CommentsManual check shows setting as follows: WSUS Hosted: False No invalid MIME types for OS shell program extensions found.
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||