| VID |
27075 |
| Severity |
10 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
You should prevent to leak unnecessary information related to web server such as error page, web server type, running OS, user account name, and etc. This helps to gather information for attacking.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
[Windows Server 2003]
Internet Information Service(IIS) Management> Properties> User Define Error Tab> Set specific page about web service error like 400, 401, 403, 404, 500
1. User Define Error Tab
2. Select a error item
3. Make and connect to error page which does not provide about server information.
[Windows Server 2008, 2012, 2016, 2019]
1. Set error message
Internet Information Service(IIS) Management> specific website> Error Page> Set specific page about web service error like 400, 401, 403, 404, 500
2. Edit error page setting
Internet Information Service(IIS) Management> specific website> Error Page> Feature Settings Edit> Set ¡±User Define Error Page¡° |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
