A security scan of a web app running windows has been identified as a High vulnerability. Since this is an old version of the software, it may be vulnerable to attacks. When the Server: Microsoft-IIS/10.0
External References: https://nvd.nist.gov/vuln/detail/CVE-1999-0229
Internet Information Services Other Vulnerability
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
Affected Versions: 10.0
External Referenceshttps://nvd.nist.gov/vuln/detail/CVE-2000-0115
How can we do the following to fix this issue when using Azure web app?
Remedy
Upgrading IIS to a higher version is not a standalone operation. The IIS version depends heavily on the Windows OS version that
you use on your server machine.
If it is not possible to upgrade IIS to a higher version for this type of reason, we strongly recommend that you track and apply the
patches that are published by the vendor.
Please note that all updates and patches for IIS come as Windows Updates. Also, you can select which update package(s) will be
applied.