| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-278953 | CAT II | SCHR-P3-DP-001 | Microsoft IIS 10.0 Site Security Technic... | HTTPAPI Server version must be removed from the HT... | - | |||
Check TextNote: If the server is hosting WSUS, this is not applicable. Open Registry Editor. Navigate to "HKLM\System\CurrentControlSet\Services\HTTP\Parameters". Verify "DisableServerHeader” is set to "1". If REG_DWORD DisableServerHeader is not set to "1", this is a finding. If the system administrator (SA) can show that Server Version information has been removed via other means, such as using a rewrite outbound rule, this is not a finding. Fix TextNavigate to "HKLM\System\CurrentControlSet\Services\HTTP\Parameters". Create REG_DWORD "DisableServerHeader” and set it to "1". Note: This can be performed multiple ways; this is an example. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) found this to be NOT A FINDING on 03/05/2026 Site: Default Web Site ResultHash: 104E498E88DEE469BE248058E3FD241D25AF3ECD ~~~~~ Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters Value Name: DisableServerHeader Value: 0x00000002 (2) Type: REG_DWORD
Source: SCHR-P3-DP-001_IIS10Site_Default_Web_Site_V2R14_20260305-133115.cklb
Scan Date: 2026-03-12T15:38:14.459023
Technology Area: Web Review
|
||||||||