virus logo Intrusion Prevention

MS.IIS.ShortName.Vulnerability.Scanner

description-logoDescription

This indicates detection of an attempted scan for Microsoft IIS tlide vulnerability.
It is used to probe computer networks to allows a remote attacker to disclose file and folder name under the web root. An attacker may utilize the scanner to identify services on the target system and perform further attacks based on its findings.

affected-products-logoAffected Products

IIS 1.0, Windows NT 3.51
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (error remotely enabled or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.
Monitor the traffic from that network for any suspicious activity.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-09-05 25.632 Sig Added
2019-02-01 14.540 Name:Microsoft.
IIS.
ShortName.
Vulnerability.
Scanner:MS.
IIS.
ShortName.
Vulnerability.
Scanner
2019-01-30 14.537 Default_action:pass:drop
2018-12-05 13.503

References

https://soroush.secproject.com/downloadable/iis_tilde_shortname_disclosure.txt
ID 47145
Created Dec 05, 2018
Updated Sep 01, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows
Affected App IIS