Microsoft URLScan Tool Information Disclosure Vulnerability

Microsoft URLScan has been reported to be prone to an information disclosure vulnerability in some server configurations.

It has been reported that a remote attacker may be able to obtain accurate IIS server HTTP header information, regardless of whether the server is protected by the URLScan tool. The issue presents itself when an attacker makes an HTTPS request to an IIS server that is HTTPS enabled. A partial header containing potentially sensitive version information will be returned to the attacker.
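The following is an added example, not part of the original advisory or of any Microsoft tooling: a defensive audit that compares the Server banner in response heads captured from the HTTP and HTTPS listeners of a server you administer, tolerating the partial header described above. The function names and the sample captures are constructed for illustration.

```python
import re

# Product token followed by a version number, e.g. "Microsoft-IIS/5.0".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")

def server_banner(raw: bytes):
    """Return the Server header value from a raw response head, or None.

    Tolerates partial heads: a missing status line, no terminating
    blank line, or a final line that is cut off mid-value.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in re.split(r"\r?\n", head):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def audit_listeners(captures: dict):
    """Compare banners per listener; report version leaks and mismatches."""
    banners = {name: server_banner(raw) for name, raw in captures.items()}
    findings = []
    for name, banner in banners.items():
        if banner and VERSION_TOKEN.search(banner):
            findings.append(f"{name}: banner discloses version ({banner})")
    if len(set(banners.values())) > 1:
        findings.append("listeners return different Server banners; "
                        "header filtering is not applied uniformly")
    return banners, findings

# Constructed sample captures (not real server output).
SAMPLE = {
    # Filtered listener: generic banner, complete response head.
    "http": b"HTTP/1.1 404 Not Found\r\nServer: WebServer\r\n"
            b"Content-Length: 0\r\n\r\n",
    # Partial head: no status line and no terminating blank line.
    "https": b"Server: Microsoft-IIS/5.0\r\n"
             b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n",
}

if __name__ == "__main__":
    banners, findings = audit_listeners(SAMPLE)
    for finding in findings:
        print(finding)
```

A mismatch between listeners is the signal to look for: it shows that banner filtering configured for one listener is not reaching responses served by the other.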


 

Copyright 2010, SecurityFocus