Skip to content


Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character (\~). This may allow a remote attacker to gain access to file and folder name information.

brew install jenv
echo 'export PATH="$HOME/.jenv/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(jenv init -)"' >> ~/.zshrc
brew tap homebrew/cask-versions
jenv add $(/usr/libexec/java_home)
jenv add /Library/Java/JavaVirtualMachines/zulu-7.jdk/Contents/Home/
jenv version
jenv doctor
git clone
cd IIS-ShortName-Scanner
jenv local 1.7
java -jar iis_shortname_scanner.jar URL