Severity: Low
Netsparker identified a Windows Short File/Folder name disclosure.
The vulnerability is triggered by using the tilde character (~) with the old DOS 8.3 name convention in an HTTP request. It allows a remote attacker to disclose file and folder names that are not supposed to be accessible.
NtfsDisable8dot3NameCreation registry key in HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
C:\Windows\System32>FSUTIL.exe 8dot3name set C: 1
NtfsDisable8dot3NameCreation registry key in HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
C:\Windows\System32>FSUTIL.exe behavior set disable8dot3 1
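To confirm the state these settings leave the server in, the following read-only PowerShell audit is an added example, not part of the original advisory; the web root path is an assumed placeholder. It reports the registry value, the state of each NTFS volume, and short names that already exist, because disabling creation does not remove names created earlier.

```powershell
# Added example: read-only audit of 8.3 short-name settings. Run from an elevated prompt.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$name    = 'NtfsDisable8dot3NameCreation'
$webRoot = 'C:\inetpub\wwwroot'   # assumption: replace with the real site path

# Meaning of each value of the registry setting.
$meaning = @{
    0 = 'short names are created on all volumes'
    1 = 'short name creation is disabled on all volumes'
    2 = 'each volume uses its own setting (fsutil 8dot3name set <volume> 0|1)'
    3 = 'disabled on all volumes except the system volume'
}

$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    "$name is not set"
} else {
    $value = [int]$prop.$name
    "{0} = {1} ({2})" -f $name, $value, $meaning[$value]
    if ($value -ne 1) {
        'Creation is not disabled globally; check the per-volume state below.'
    }
}

# Effective state of every local NTFS volume, as reported by fsutil.
Get-CimInstance Win32_LogicalDisk -Filter "DriveType=3 AND FileSystem='NTFS'" |
    ForEach-Object {
        "--- Volume $($_.DeviceID)"
        & fsutil.exe 8dot3name query $_.DeviceID
    }

# Short names created before the change stay on disk. The scan is a dry run
# that counts them under the web root without modifying anything.
if (Test-Path -LiteralPath $webRoot) {
    & fsutil.exe 8dot3name scan /s $webRoot
} else {
    "Web root $webRoot not found; set `$webRoot to the site directory."
}
```

If the scan finds existing short names, `fsutil 8dot3name strip` can remove them; review the scan output first, since it also lists registry entries that refer to those names.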