Microsoft IIS shortname vulnerability scanner

1976-01-01T00:00:00
ID MSF:AUXILIARY/SCANNER/HTTP/IIS_SHORTNAME_SCANNER
Type metasploit
Reporter Rapid7
Modified 1976-01-01T00:00:00

Description

The vulnerability is caused by a tilde character "~" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames (short names). In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug (GET request). This was publicly disclosed in 2012. In 2014, Soroush Dalili discovered that newer IIS installations are vulnerable with OPTIONS.