The web server must use a vendor-supported version of the web server software.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2246 | WG190 IIS6 | SV-38193r1_rule | ECSC-1 | High |
| Description |
|---|
| Several vulnerabilities are associated with older versions of web server software. As hot fixes and patches are issued, these solutions are included in the next version of the server software. Maintaining the web server at a current version makes the efforts of a malicious user more difficult. |
| STIG | Date |
|---|---|
| IIS6 Server | 2014-12-05 |
Details
| Check Text ( C-37643r1_chk ) |
|---|
| 1. Using Explorer, find the inetinfo.exe file or move to the file %systemroot%\system32\inetsrv\inetinfo.exe. 2. Right-click on inetinfo.exe and select properties. 3. Select the version tab. The file version field should be 6.0.xx. 4. If the current version of the web server software is not installed and running, this is a finding. |
| Fix Text (F-32884r1_fix) |
|---|
| Upgrade to the current version of the web server software and maintain appropriate service packs and patches. |