CVE-2003-1567
HIGHInternet Information Services 5.0 - Exposure of Sensitive Information via TRACK Method
Title source: llmDescription
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
References (5)
Core 5
Core References
Exploit mailing-list
x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/288308
Exploit x_refsource_misc
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5648
Various Sources
https://www.aqtronix.com/Advisories/AQ-2003-02.txt
Scores
CVSS v3
7.5
EPSS
0.2506
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
microsoft/internet_information_services
5.0
Published
Jan 15, 2009
Tracked Since
Feb 18, 2026