Author Topic: False positive ?- wrong O/S and IIS version  (Read 4019 times)

Offline GraemeW

  • Newbie
  • *
  • Posts: 2
False positive ?- wrong O/S and IIS version
« on: December 01, 2015, 06:45:23 AM »
Hi. I signed up for the trial PCI scan and got flagged with the following high level vulnerability

Microsoft ASP.NET MS-DOS Device Name DoS 80 / tcp / www

However when I started Googling it appears that this is only relevant if you are running IIS6 on Windows 2003.
Our website runs on Win 2012 and IIS8

I’ve had a trial scan from another company  that hasn’t flagged this up

It’s possible the internet posts and other company are wrong though. Has anyone else come across this?


Offline RossPH

  • Comodo Member
  • **
  • Posts: 29
Re: False positive ?- wrong O/S and IIS version
« Reply #1 on: December 03, 2015, 01:12:09 PM »
CVE-2007-2897 only applies to IIS 6.0,  so it would be a false positive if your running IIS 8.


Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek