Out-of-date Version (IIS)

Summary#

Invicti identified the target web site is using IIS and detected that it is out of date.

Impact#

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation#

Upgrading IIS to a higher version is not a standalone operation. The IIS version depends heavily on the Windows OS version that you use on your server machine.

If it is not possible to upgrade IIS to a higher version for this type of reason, we strongly recommend that you track and apply the patches that are published by the vendor.

Please note that all updates and patches for IIS come as Windows Updates. Also, you can select which update package(s) will be applied.

Classifications#

ISO27001-A.14.1.2, PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), OWASP 2013-A9, OWASP 2017-A9

Out-of-date Version (IIS)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.