Description
In some versions of Microsoft IIS, it is possible to detect the existence of files using an 8.3 short filename (SFN). This vulnerability allows attackers to enumerate and find sensitive files on the web server, potentially leading to unauthorized access or exposure of confidential information.
Recommendation
Please read the reference for detailed information and mitigation strategies specific to this vulnerability.
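As a starting point for remediation, the following added example (not part of the original page or of SmartScanner) audits a Windows host for 8.3 short-name exposure. It assumes the site content lives under the default IIS path `C:\inetpub\wwwroot` and that it runs in an elevated PowerShell session; the parameter name `$WebRoot` is illustrative.

```powershell
# Added example: audit 8.3 short-name (SFN) exposure for an IIS content directory.
# Assumption: content is under C:\inetpub\wwwroot; pass -WebRoot to change it.
param([string]$WebRoot = 'C:\inetpub\wwwroot')

# 1. System-wide policy. Values of NtfsDisable8dot3NameCreation:
#    0 = short names created on all volumes, 1 = disabled on all volumes,
#    2 = configured per volume,              3 = disabled on all but the system volume.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$policy  = (Get-ItemProperty -Path $key -Name NtfsDisable8dot3NameCreation).NtfsDisable8dot3NameCreation
$meaning = @{
    0 = 'short names created on all volumes'
    1 = 'short names disabled on all volumes'
    2 = 'configured per volume'
    3 = 'disabled on all volumes except the system volume'
}
"NtfsDisable8dot3NameCreation = $policy ($($meaning[[int]$policy]))"

# 2. Effective state of the volume that holds the web root (requires elevation).
$drive = (Get-Item -LiteralPath $WebRoot).PSDrive.Name + ':'
fsutil 8dot3name query $drive

# 3. Disabling creation does not remove short names that already exist,
#    so list every file and folder under the web root that still has one.
$fso = New-Object -ComObject Scripting.FileSystemObject
$withShortNames = Get-ChildItem -LiteralPath $WebRoot -Recurse -Force | ForEach-Object {
    $short = if ($_.PSIsContainer) {
        $fso.GetFolder($_.FullName).ShortName
    } else {
        $fso.GetFile($_.FullName).ShortName
    }
    # When no separate 8.3 alias exists, ShortName equals the long name.
    if ($short -ne $_.Name) {
        [pscustomobject]@{ ShortName = $short; Path = $_.FullName }
    }
}

if ($withShortNames) {
    "Entries that still carry an 8.3 alias: $(@($withShortNames).Count)"
    $withShortNames | Format-Table -AutoSize
} else {
    "No 8.3 aliases found under $WebRoot"
}

# Remediation (review before running; shown as comments only):
#   fsutil 8dot3name set $drive 1        # stop creating short names on this volume
#   fsutil 8dot3name strip /s $WebRoot   # remove existing short names recursively
```

Stripping short names can break software that refers to files by their 8.3 alias, so test the change on a non-production copy first.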
References
- Microsoft IIS tilde character “~” Vulnerability/Feature
- CWE-200
- CAPEC-118
- OWASP 2021-A1
- OWASP 2021-A5
Related Issues
- Directory Listing of Sensitive Files - Vulnerability
- Directory Listing - Vulnerability
- User Enumeration - Vulnerability
- WordPress User Enumeration - Vulnerability
Tags: Information Disclosure, IIS, Directory Listing, File Disclosure
Last updated on May 13, 2024