| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-218772 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | The maximum number of requests an application pool... | - | |||
Check TextNote: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable. Note: If this server is hosting WSUS, this requirement is Not Applicable. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. Open the IIS 10.0 Manager. Perform for each Application Pool. Click "Application Pools". Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane. Scroll down to the "Recycling section" and verify the value for "Request Limit" is set to a value other than "0". If the "Request Limit" is set to a value of "0", this is a finding. If the system must require "Request Limit" to be set to "0", it is documented and approved by the ISSO, this is not a finding. Fix TextOpen the IIS 10.0 Manager. Click "Application Pools". Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane. Scroll down to the "Recycling section" and set the value for "Request Limit" to greater than "0". Click "OK". Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: Site: Default Web Site ResultHash: A56676E8EA3BFCF08B73F6A5B5A76450CBBE9579 ~~~~~ Application Pool: .NET v4.5 Request Limit: 0 Application Pool: .NET v4.5 Classic Request Limit: 0 Application Pool: DefaultAppPool Request Limit: 0 CommentsThe maximum number of requests an application pool can process for each IIS 10.0 website is explicitly set. Application Pool: DefaultAppPool Request Limit: 10
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||