Gravità: : Medio
  Data notifica: 21 luglio 2015

  Descrizione

The URL parser in Microsoft Internet Information Services(IIS) allows remote attackers to execute a Denial of service attack by arguments such as "~". Microsoft IIS is prone to a file-enumeration weakness too because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to enumerate the files present in the webserver's root directory this may aid in further attacks.

  Informazioni esposizione:

Apply associated Trend Micro DPI Rules.

  Soluzioni

  Trend Micro Deep Security DPI Rule Number: 1005076
  Trend Micro Deep Security DPI Rule Name: 1005076 - Detected Microsoft Windows Short File/Dir Names Over HTTP

  Software e versione interessati:

  • Microsoft IIS