Gravité: : Medium
  Date du conseil: 21 juillet 2015

  Description

The URL parser in Microsoft Internet Information Services(IIS) allows remote attackers to execute a Denial of service attack by arguments such as "~". Microsoft IIS is prone to a file-enumeration weakness too because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to enumerate the files present in the webserver's root directory this may aid in further attacks.

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1005076
  Trend Micro Deep Security DPI Rule Name: 1005076 - Detected Microsoft Windows Short File/Dir Names Over HTTP

  Affected software and version:

  • Microsoft IIS