Web server default page

["Cheek, Leigh" <lcheek () UTK EDU>]

I am auditing a system with web access. When reviewing the website, I
check the certificates and truncate website address to check whether
installed software like Banner or Oracle have created default website. I
usually like to see a redirect back to the main access page. When I
truncated the subdirectories off the main web address, I have found
instead a under construction default page from IIS (see below). 

------------------------
Under Construction


The site you are trying to view does not currently have a default page.
It may be in the process of being upgraded and configured. 

Please try this site again later. If you still experience the problem,
try contacting the Web site administrator. 


If you are the Web site administrator and feel you have received this
message in error, please see "Enabling and Disabling Dynamic Content" in
IIS Help. 

To access IIS Help
Click Start, and then click Run. 
In the Open text box, type inetmgr. IIS Manager appears. 
> From the Help menu, click Help Topics. 
Click Internet Information Services. 

-------------------------

Do you see any big vulnerabilities with the IIS default page? 

Thanks,
Leigh Cheek, CIA, CISA
Senior Auditor
Audit and Consulting Services
University of Tennessee
149 Conference Center Building
Knoxville, TN 37996-4114
(865) 974-4420
fax (865) 974-6171
lcheek () utk edu