Two security issues have been reported via this security research:
1- IIS Short File/Folder Name Disclosure using the tilde “~” character:
2- .NET Framework Tilde Character DoS:
Workaround and Prevention:
We are working with security vendors to come up with a solution to mitigate the risk of these vulnerabilities. The paper PDF file will be updated accordingly.
IIS Shortname Scanner PoC – Source Code: http://code.google.com/p/iis-shortname-scanner-poc/
Click here to download the paper.