IIS Short File Name Disclosure
Variants:
Direct
Vector Type:
Attack
Relevance:
Technology Version Specific
Layer:
Web-Infrastructure-Level
Platforms:
IIS
Target Type:
Web Application
Affected Mechanisms:
Hardening
Invented In:
01/08/2010
Added In:
25/12/2014
Vector Operation Method:
A feature in IIS could be abused to easily enumerate file names using the tilde operator.
