STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

ASP.NET version must be removed from the HTTP Response Header information.

DISA Rule

SV-241789r695284_rule

Vulnerability Number

V-241789

Group Title

SRG-APP-000266-WSR-000159

Rule Version

IIST-SV-000215

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Open the IIS 10.0 Manager.
Under the "Connections" pane on the left side of the management console, select the IIS 10.0 web server.
Click the HTTP Response Headers button.
Click to select the “X-Powered-By” HTTP Header.
Click “Remove” in the Actions Panel.
Note: This can be performed in multiple ways; this is one example.

Check Contents

Open the IIS 10.0 Manager.

Under the "Connections" pane on the left side of the management console, select the IIS 10.0 web server.

Click the HTTP Response Headers button.

Click to select the “X-Powered-By” HTTP Header.

If “X-Powered-By” has not been removed, this is a finding.
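
The same check and fix can be scripted instead of clicked through. The following is an added example, not part of the STIG or of STIGQter; it assumes an elevated PowerShell session on the server with the WebAdministration module available, and the `-Remediate` switch, the `Test-PoweredByHeader` function and the status strings are names made up for this illustration.

```powershell
# Added example: audit (and optionally remove) the X-Powered-By response header.
# Usage (hypothetical script name): .\Check-IIST-SV-000215.ps1 [-Remediate]
param([switch]$Remediate)

Import-Module WebAdministration

$serverPath = 'MACHINE/WEBROOT/APPHOST'   # server-level configuration
$section    = 'system.webServer/httpProtocol/customHeaders'
$headerName = 'X-Powered-By'

function Test-PoweredByHeader {
    param([string]$PSPath)
    # $true when an <add name="X-Powered-By"> entry is in effect at $PSPath.
    $entry = Get-WebConfiguration -PSPath $PSPath `
        -Filter "$section/add[@name='$headerName']" -ErrorAction SilentlyContinue
    return [bool]$entry
}

# Server-level check: the scope the rule's check procedure inspects.
$present = Test-PoweredByHeader -PSPath $serverPath
if ($present -and $Remediate) {
    # Scripted equivalent of selecting the header and clicking "Remove".
    Remove-WebConfigurationProperty -PSPath $serverPath -Filter $section `
        -Name '.' -AtElement @{ name = $headerName }
    $present = Test-PoweredByHeader -PSPath $serverPath
}
$status = if ($present) { 'Finding' } else { 'Not a finding' }
[pscustomobject]@{ Scope = 'Server'; Rule = 'IIST-SV-000215'; Status = $status }

# Sites inherit the server setting, but a site's own web.config can add the
# header back, so report the effective value for each site as well.
foreach ($site in Get-Website) {
    $sitePresent = Test-PoweredByHeader -PSPath "IIS:\Sites\$($site.Name)"
    $siteStatus  = if ($sitePresent) { 'Header still sent' } else { 'Header removed' }
    [pscustomobject]@{ Scope = "Site: $($site.Name)"; Rule = 'IIST-SV-000215'; Status = $siteStatus }
}
```

Without `-Remediate` the script only reports; the per-site rows go beyond the rule's server-level check and are informational.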

Documentable

False

Severity Override Guidance

Open the IIS 10.0 Manager.

Under the "Connections" pane on the left side of the management console, select the IIS 10.0 web server.

Click the HTTP Response Headers button.

Click to select the “X-Powered-By” HTTP Header.

If “X-Powered-By” has not been removed, this is a finding.

Check Content Reference

M

Target Key

4052
