I have several IIS servers running either IIS 5.0 or 6.0. A security audit recently uncovered that one of our 5.0 servers was exposed to this False Logging Weakness, where IIS will interpret hex code as characters. The potential is that an attacker could fill the log files with garbage. URLScan was prescribed as the possible fix. The question is what setting/configuration will prevent this? I have URLScan configured on the servers.
I'm also wondering why only one server was discovered with this vulnerability exposed. All our IIS 5.0 servers have URLScan configured identically. Could this be a case of a false positive on the scan?
Thanks in advance.