Server Side Include (SSI) files in IIS have the #exec function vulnerability.
CVE-1999-0561 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
IIS has the #exec function enabled for Server Side Include (SSI) files.
Learn more about our Cis Benchmark Audit For Server Software.