[trackerbri]

Usually when we see stuff like that it's because there's a device doing some traffic control (load balancer, proxy, WAF, whatever) for the web server that runs some version of Linux. So you'll get a report that says IIS on Redhat or IIS and Apache both running on port 80.

Since the automated scanners are... stupid, they'll then gleefully go off and check for Linux vulnerabilities too.

The guys doing the analysis should of course catch all that, but if no one is doing any analysis and just parroting what the tools tell them, it ends up in the report.