Microsoft IIS Tilde Character Information Disclosure Vulnerability

We are seeing this vulnerability reported, but the information is not complete enough for me to verify and no references are given. Can you help me with this?

Vulnerability Name: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Risk: Medium
Hostname / IP Address: XX.XX.XX.XX
Service(Port)/Protocol: general(0)/tcp
Scan Date:

Category: Web servers
Summary: The remote host has Microsoft IIS installed and prone to information disclosure vulnerability. Microsoft IIS fails to validate a specially crafted GET request having a '~' tilde character, which allows to disclose all short-names of folders and files having 4 letters extensions.

File/Folder name found on server starting with letter(s): aabbcc
Impact: Successful exploitation will let the remote attackers to obtain sensitive information that could aid in further attacks.
Solution:
Test ID: 15257
