Main cause of this type of vulnerability is the use of TLS1.0 which utilizes a "Static Key Cipher". Though this is said to be “low severity” vulnerability still it’s always recommended to use TLS1.1 or above versions.
It’s better to disable older versions like sslv3 / TLS 1.0 if enabled, there are no serious vulnerabilities found in TLS 1.1, but it’s necessary that servers must be patched/upgraded and should be kept up to date as a basic security practice.
There is no "real" security issue in TLS 1.1 that TLS 1.2 fixes. However, TLS 1.2 is a bit more safety so, it’s better to configure TLS1.2
We can use the IISCrypto tool to enable or disable any protocols or Ciphers. Search for KB "Configuring Protocols, Ciphers or Hashes using IIS Crypto." to know more on this.
Few similar types of vulnerabilities related to SSL and TLS1.0 are below,
- tlsv1_1-enabled
- sslv3-supported
- sslv3-cve-2014-3566-poodle
- ssl-cve-2011-3389-beast
- tlsv1_0-enabled