I have a Windows Server 2003 and it's present this vulnerability, but that is a Domain Controller and doesn't have a Web Services installed.
Why Qualys found this vulnerability?
Same suggestions apply, please open a case with support to review the findings in detail. However, as mentioned this is an active check which indicates that the scan has detected an web service and has likely injected XSS syntax into a value and that syntax was reflected in the resulting page OR the web service version is known to be vulnerable to XSS.
It would depend on which service descovered the vulnerability and the QID it presented, as to how you will remediate the problem.
Was this a Vulnerability Management scan or a Web Application Scan that determined the vulnerability?
Also, what QID is being presented to you?
I would suggest opening a case with Technical Support (email@example.com) so that we can review the scan results. As Jason said, remediation depends on a number of factors and the scan results should point us in the correct detection.
Hi Patrick, yeahh I understand, but my server is a Domain Controller and it doesn't have Web Services.
It was a Vulnerability Management Scan and QID is 86175
Based on that QID, which is an active check, we are detecting some type of web service which is responding with a vulnerable response.
Please check the results for the Port which this finding was detected for, the port should be listed to the right of the vulnerability title in a standard RAW scan.
Additionally, you can review the services/ports detected under QID 82023.
i have same question. Port are 443 and 8443
Retrieving data ...