Vulnerability “Remove the default page or stop/disable the IIS server”

Penetration tools may raise an alarm if the default IIS page is still available in your server. This page comes by default when you install Web Server role.

Follow the steps below to disable it so this vulnerability don’t come up in the reports anymore.

IIS default page

Steps to disable default page:

  1. Open IIS Manager
  2. Click the server name
  3. Double click on Default Document
  4. On the right side, click “Disable”
Disable default page

Here is a list of known IIS vulnerabilities: List

If you see a vulnerability about older TLS versions, check this post out: Security Scan (Qualys SSL Labs) shows TLS 1.0 and 1.1 are enabled

1 thought on “Vulnerability “Remove the default page or stop/disable the IIS server””

Leave a Comment