False positive? - wrong O/S and IIS version

Hi. I signed up for the trial PCI scan and got flagged with the following high-level vulnerability:

Microsoft ASP.NET MS-DOS Device Name DoS 80 / tcp / www

However, when I started Googling, it appears that this is only relevant if you are running IIS6 on Windows 2003.
Our website runs on Win 2012 and IIS8.

I’ve had a trial scan from another company that hasn’t flagged this up.

It’s possible the internet posts and the other company are wrong though. Has anyone else come across this?


CVE-2007-2897 only applies to IIS 6.0, so it would be a false positive if you're running IIS 8.