UAG Penetration testing flagging up IIS6 on a 2008 R2 IIS 7.5 Server RRS feed

  • Question

  • Hi All,

    A recent pen test report is flagging up IIS6 headers on an external pen test carried out against our UAG server even though IIS 7.5 is installed and its a 2008 R2 server.

    I am at a loss as to where this IIS 6 header is being generated from, the IIS6 management tools appear to be installed but no websites are in created within it, all our websites are hosted in IIS 7.5

    There is TMG 2010 installed on the same server also.

    The company doing the pen test advised they can see both 6.0 and 7.5 headers

    Server => Microsoft-IIS/6.0

    Server => Microsoft-IIS/7.5

    I've removed the HTTP responce headers from using the tool URL REWRITE from microsoft but i still need to know where the headers were being generated from .

    Anyone got any ideas?

    Wednesday, April 6, 2016 10:28 AM