Microsoft IIS Tilde Directory Enumeration

Impact: Medium

Description

In some versions of Microsoft IIS, it is possible to detect the existence of files using an 8.3 short filename (SFN). This vulnerability allows attackers to enumerate and find sensitive files on the web server, potentially leading to unauthorized access or exposure of confidential information.

Recommendation

Please read the reference for detailed information and mitigation strategies specific to this vulnerability.

References

CWE-200
Microsoft IIS tilde character “~” Vulnerability/Feature
OWASP 2021-A5

👉 You might also like:

Directory Listing of Sensitive Files - Vulnerability

Directory Listing - Vulnerability

User Enumeration - Vulnerability

WordPress User Enumeration - Vulnerability

Last updated on May 13, 2024

Microsoft IIS Tilde Directory Enumeration

Description

Recommendation

References

This issue is available in SmartScanner Professional