Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS<\/strong> method. This is because the response to these requests may reveal what other methods are supported by the web server.<\/p>\n\n\n\n Warning:<\/strong> Disabling OPTIONS may have unintended consequences like CORS preflight requests to break. Please test the applications thoroughly after making the change below.<\/p><\/blockquote>\n\n\n\n Follow the steps below to disable OPTIONS method.<\/p>\n\n\n\n Penetration tools may also raise an alarm if the default IIS page is still available in your server. This page comes by default when you install Web Server role.<\/p>\n\n\n\n Warning:<\/strong> Disabling the default page of a web application may cause unwanted results. Please make sure to test the application thoroughly after following the steps below.<\/p><\/blockquote>\n\n\n\n Follow the steps below to disable it so this vulnerability don\u2019t come up in the reports anymore.<\/p>\n\n\n\n Solution #2<\/strong><\/p>\n\n\n\n \u00a0Just delete the iisstart.* pages at c:\\inetpub\\wwwroot and it should solve the problem.<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" TIPS: Scroll down this post and try soltuion#2 would be a easy and fast way to fix this. Solution #1 Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server. Warning: Disabling OPTIONS may have Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10,14,15],"tags":[1735,1736,1737],"class_list":["post-4981","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-windows-7-8-10","category-windows-servers","tag-iis-default-index-page-vulnerabilities","tag-iis-default-index-page-vulnerability","tag-iis-http-options-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4981"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4981\/revisions"}],"predecessor-version":[{"id":4982,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4981\/revisions\/4982"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/figure>\n\n\n\n
<\/figure>\n\n\n\n