Nexpose Vulnerability Database
- Try searching for a product or vendor.
- Only vulnerabilities that match all search terms will be returned.
- Enclose search terms in double quotes for an exact search.
- For CVE searches, only enter the CVE-YYYY-XXXX code.
Get Nexpose now
Search vulnerabilities with Rapid7's vulnerability management solution
FREE DOWNLOADMicrosoft IIS default installation/welcome page installed
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| Moderate (2) | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 21, 2005 | Apr 21, 2005 | Jan 28, 2011 |
Description:
The IIS default installation or "Welcome" page is installed on this server. This usually indicates a newly installed server which has not yet been configured properly and which may not be known about.
In many cases, IIS is installed by default and the user may not be aware that the web server is running. These servers are rarely patched and rarely monitored, providing hackers with a convenient target that is not likely to trip any alarms.
Vulnerability Management
Get your solution now
References:
Solution:
Remove the default page or stop/disable the IIS server
If this server is required to provide necessary functionality, then the default page should be replaced with relevant content. Otherwise, this server should be removed from the network, following the security principle of minimum complexity.
If the server is not needed, it can be disabled in the following way: in the Services window of the Control Panel's Administrative Tools section, right-click on the 'World Wide Web Server' entry and select 'Stop'. Set its startup type to 'Manual' so that it does not restart if the machine is rebooted (this is done by selecting 'Properties' in the right-click menu).
Download Nexpose
Download our vulnerability management solution, Nexpose, for free today. Scan 100% of your infrastructure for vulnerabilities, understand your risk exposure, compare and prioritize your vulnerabilities and verify that they are remediated.