Microsoft IIS 404 Response Service Pack Signature

info Nessus Plugin ID 11874

Synopsis

The remote web server is running Microsoft IIS.

Description

The Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.

Note that this test makes assumptions of the remote patch level based on static return values (Content-Length) within a IIS Server's 404 error message. As such, the test can not be totally reliable and should be manually confirmed.

Note also that, to determine IIS6 patch levels, a simple test is done based on strict RFC 2616 compliance. It appears as if IIS6-SP1 will accept CR as an end-of-line marker instead of both CR and LF.

Solution

Ensure that the server is running the latest stable Service Pack.

Plugin Details

Severity: Info

ID: 11874

File Name: iis_ver_check.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 10/9/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:microsoft:iis